WARNING: Android users put on alert after malware discovered pre-installed on smartphones


Android users have been put on alert after security researchers discovered that a dangerous form of malware has been pre-installed on a number of popular smartphones.

The malware, dubbed RottenSys, was discovered by cyber security firm Check Point, who say it is already present on more than 5 million handsets.

RottenSys disguises itself as a tool that helps users manage their Wi-Fi connections.

However, instead of doing that it asks for a series of sensitive permissions such as download and accessibility service permissions, which a legitimate app of this nature shouldn’t require access to.

It then displays rogue advertisements in order to generate fraudulent ad revenue for its creators.

What’s more, Check Point says it is likely the malware was installed on the phones during the supply chain process.

They added that handsets from some of the most popular Android smartphone manufacturers are likely to be affected, including Samsung, OPPO, Huawei, Honor, Vivo, Gionee and Xiaomi.

Check Point said that all the handsets infected to date were distributed by a Chinese firm called Tian Pai.

“According to our findings, the RottenSys malware began propagating in September 2016. By March 12, 2018, 4,964,460 devices were infected by RottenSys”, Check Point said in a blog post.

“RottenSys is an extremely aggressive ad network. In the past 10 days alone, it popped aggressive ads 13,250,756 times (called impressions in the ad industry), and 548,822 of which were translated into ad clicks.”

Check Point said they discovered RottenSys on a Xiaomi Redmi smartphone, with the app requesting many sensitive permissions, most of which had nothing to do with Wi-Fi.

The researchers say the malware uses many tricks in order to avoid detection and can seriously impact system performance and battery life.

Explaining how devices were infected, Check Point said:

“In the list of observed malware distribution channels, we saw two names which suggest a possible connection to a Hangzhou based mobile phone supply chain distributor Tian Pai.

“Tian Pai related channels contribute 49.2% of the total number of infested devices that we observed.

“According to China National Enterprise Credit Information Publicity System, Tian Pai offers a wide range of services from presales customization, online/offline wholesale to customer care. It covers regional sales of top brands in the market such as Samsung, HTC, Apple, Xiaomi, ZTE, Coolpad, Lenovo, and Huawei.

“Tian Pai may not be a direct participant in the campaign. Yet, this correlates with our hypothesis that the malware entered the user’s device before purchase.”

How to check if your device is infected

Check Point says users can check if the RottenSys malware has infected their device by going to System Settings > App Manager.

You then need to check if any of the following are present on your device:

  • android.yellowcalendarz
  • changmi.launcher
  • android.services.securewifi
  • System.service.zdsgt

If they are, you need to uninstall them.
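The same check can be run from a computer over adb instead of through the settings menu. The script below is an added example, not code from Check Point or the original article; the function name, the dot-delimited suffix matching and the constructed sample package list are assumptions made here.

```shell
#!/bin/sh
# Package names exactly as listed in the article.
ROTTENSYS_NAMES='android.yellowcalendarz
changmi.launcher
android.services.securewifi
System.service.zdsgt'

# find_rottensys (hypothetical helper): reads `pm list packages` output on
# stdin (lines of the form "package:<name>") and prints every installed
# package whose name equals a listed name or ends with ".<listed name>".
# Matching is case-insensitive; the suffix rule is an assumption so that a
# listed name still matches when the installed name carries a prefix.
find_rottensys() {
    # adb output may use CRLF line endings, so strip carriage returns first.
    tr -d '\r' | sed -n 's/^package://p' | while IFS= read -r pkg; do
        pkg_l=$(printf '%s' "$pkg" | tr 'A-Z' 'a-z')
        printf '%s\n' "$ROTTENSYS_NAMES" | while IFS= read -r ioc; do
            ioc_l=$(printf '%s' "$ioc" | tr 'A-Z' 'a-z')
            case "$pkg_l" in
                "$ioc_l"|*".$ioc_l") printf '%s\n' "$pkg" ;;
            esac
        done
    done
}

# Constructed sample of `pm list packages` output (not from a real device).
SAMPLE_PM_OUTPUT='package:com.android.settings
package:com.android.services.securewifi
package:com.example.notes
package:com.system.service.zdsgt'

# Offline demonstration on the constructed sample.
hits=$(printf '%s\n' "$SAMPLE_PM_OUTPUT" | find_rottensys)
if [ -n "$hits" ]; then
    printf 'Listed packages found:\n%s\n' "$hits"
else
    printf 'None of the listed packages found.\n'
fi

# Against a connected device with USB debugging enabled:
#   adb shell pm list packages | find_rottensys
```

An empty result only means none of the four listed names is installed under that name.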

