Pre-installed RottenSys Malware Infecting Android Devices

March 24, 2018 | By admin

Malware

Android is considered to be the most popular operating system for smartphones, making it an inviting target for scammers and hackers. Almost 97% of the malware identified for mobile devices have been designed for attacking Android smartphones.

A new widespread malware family infecting almost 5 million users for fraudulent ad-revenues was recently discovered by the Check Point Mobile Security Team. They have called it ‘RottenSys’ since in the sample it was discovered to be disguised as a System Wi-Fi service. The top brands that were infected include Huawei, Lenovo, Coolpad, ZTE, Xiaomi, Samsung, and HTC. More than 49% of the infected devices were shipped via Hangzhou based mobile phone supply chain distributor Tian Pai who also provide presale customization and customer services.

Android Malware Dubbed RottenSys

This Android malware was discovered on a Xiaomi Redmi phone by Check Point Mobile Security Team. The application demands sensitive Android permissions instead of securing users Wi-Fi related service. Besides using a number of evasion techniques, it initially postpones it’s malicious activity for a specific time period and the dropper component does not display any malicious activity.

RottenSys’s Malicious Operation

RottenSys employs two evasion techniques;

  • The first refers to postponing its operation for a set time in order to avoid the connection between the malicious activity and the malicious app.
  • As its second evasive tactic, RottenSys is available only with a dropper component, which initially does not display any malicious activity.
  • After activating the device and installing the dropper, this Android malware contacts its Command and Control (C&C) server which then sends it a list of extra components needed for its activity.
  • These components comprise of the actual malicious code and are downloaded from the C&C server after the list is received by the dropper.
  • These components silently get downloaded by employing the DOWNLOAD_WITHOUT_NOTIFICATION permission which does not need any user interaction. Three additional components are usually downloaded by the malware.
  • Next, an open-sourced Android framework, called ‘Small’, is used and this framework is an Android application virtualization framework.
  • This framework permits all components to run alongside each other in a simultaneous manner and attain the combined malicious functionality of an extensive rough ad network, displaying advertisements on the device’s home screen, as full-screen ads or as pop-up windows.
  • For its ad fraud operation, RottenSys is adapted to use the Guang Dian Tong (Tencent ads platform) and Baidu ad exchange.

Malware removal is thus becoming a growing necessity with Android malware simultaneously growing at an alarming rate. This has indeed resulted in security firms gearing up, with their own malware protection software in order to protect Android devices and their users from malware attacks.

Some Android antivirus software offers fundamental features such as data wiping, remote tracking, data backup etc, and a few of the advanced ones provide proactive protection against viruses, potentially risky settings, unsafe apps etc. There are a few Android antivirus programs that are even capable of protecting devices against theft, besides blocking the entry and interference of malicious apps and files. Personal information of users, including videos, personal contacts, photos and much more get protected while Android antivirus also enables identifying and restricting unauthorized calls, banking Trojans, block ransomware etc, thus protecting sensitive personal data from being misused or stolen.

The best antivirus software is offered by Comodo’s Free Antivirus for Android, capable of protecting Android devices against unsafe apps, potentially risky settings, viruses and even from theft. Comodo Free Antivirus for Android is considered to be the best antivirus software for malware removal as it effectively protects personal information such as personal contacts, videos, and photos to name a few.

Antivirus

 

Be Sociable, Share!
Be Sociable, Share!

Tags:

Add new comment

Your name
Comment

You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>