Security researchers have discovered a huge malware campaign that continues to grow and has already infected around 5 million mobile devices worldwide.
The malware, called RottenSys, is disguised as a ‘System Wi-Fi service’ app, and it actually came pre-installed on millions of brand new smartphones manufactured by the following companies: Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE.
One thing that researchers have determined so far is that all of the infected devices were shipped through Tian Pai, a Hangzhou-based mobile phone distributor. However, researchers have not concluded if the company has had direct involvement in this incident.
The Check Point Mobile Security Team, which discovered RottenSys, says that the app does not provide any secure Wi-Fi related service; instead, it takes almost all sensitive Android permissions to enable its malicious code.
The malware is designed so that, when it is first installed, it contains no malicious code. Instead, RottenSys communicates with its command-and-control servers to get the list of required components, which contain the actual malicious code.
RottenSys then downloads and installs the malicious code, using the “DOWNLOAD_WITHOUT_NOTIFICATION” permission that does not require any user interaction.
According to the Check Point researchers, the malware has made its authors more than $115,000 in the last 10 days alone by pushing ads onto users' home screens, but the attackers are up to “something far more damaging than simply displaying uninvited advertisements.”
Since RottenSys can download and install any new code from its servers, attackers are able to easily take full control over millions of infected devices.
In addition, researchers have said that the RottenSys attackers have already started using millions of these infected devices to build a huge botnet.
How to Find and Remove Android Malware?
To check if your device is infected with RottenSys, go to Android system settings → App Manager, and then look for the following possible malware package names:
If any of the above is in the list of your installed apps, uninstall it right away.
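A complementary check, added here as an example and not taken from the article or from Check Point's report: because the dropper relies on the DOWNLOAD_WITHOUT_NOTIFICATION permission, this Python example lists installed packages that request it together with network access, and marks those that ship on the system image. It assumes the text layout of `adb shell dumpsys package` output; the sample dump and its package names are constructed placeholders, and the function names are hypothetical.

```python
import re

SILENT_DOWNLOAD = "android.permission.DOWNLOAD_WITHOUT_NOTIFICATION"
INTERNET = "android.permission.INTERNET"
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")

# Constructed sample in the assumed `dumpsys package` layout; names are placeholders.
SAMPLE_DUMP = """\
  Package [com.example.wifi.service] (a1b2c3d):
    codePath=/system/app/ExampleWifiService
    requested permissions:
      android.permission.INTERNET
      android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.example.notes] (e4f5a6b):
    requested permissions:
      android.permission.INTERNET
"""

def parse_packages(dump):
    """Map package name -> {'code_path': str, 'requested': set of permissions}."""
    packages, entry, in_block, indent = {}, None, False, 0
    for line in dump.splitlines():
        match = PKG_RE.match(line)
        if match:
            entry = packages[match.group(1)] = {"code_path": "", "requested": set()}
            in_block = False
            continue
        text, depth = line.strip(), len(line) - len(line.lstrip())
        if entry is None or not text:
            continue
        if text == "requested permissions:":
            in_block, indent = True, depth
        elif in_block and depth > indent:
            entry["requested"].add(text.split(":")[0])
        else:  # any line at or above the header's indent closes the block
            in_block = False
            if text.startswith("codePath="):
                entry["code_path"] = text[len("codePath="):]
    return packages

def silent_downloaders(dump):
    """Return (package, on_system_image) for packages that can fetch and install silently."""
    return [(name, info["code_path"].startswith("/system/"))
            for name, info in sorted(parse_packages(dump).items())
            if {SILENT_DOWNLOAD, INTERNET} <= info["requested"]]

print(silent_downloaders(SAMPLE_DUMP))
```

A hit is a lead to investigate rather than proof of infection, since legitimate system components can also hold this permission.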