New Malware “RottenSys” Targeting Xiaomi, Samsung and Other Brand Smartphones

With internet usage on Android smartphones growing so quickly, every tap has become a reason to worry. It has become very easy for malware to get onto your Android device and carry out malicious activity. That's why Google keeps implementing new policies to make its Android operating system safer. The main disadvantage of Android is that it is open source, so malware can be shipped to your Android device and get installed on it. You may think this is only possible on cheaper brands' devices, but that is not the case. It can harm even high-end devices. Today, I am going to talk about one piece of malware named RottenSys. This malware comes pre-installed on Android devices. Shocked?

What is RottenSys?

RottenSys is malware that comes pre-installed on Android smartphones, disguised as a system Wi-Fi service. Researchers at Check Point Mobile Security found this new malware on millions of smartphones, including devices from high-end manufacturers such as Xiaomi, Samsung, Honor, Huawei, Vivo, Oppo, and Gionee. The list is not limited to these brands; it also includes some other companies. The researchers found that the malware carries out unwanted activities on the victim's device. The most common activity is displaying advertisements on the device home screen. An ad can pop up at any time, and the user has to close it.

The Check Point Mobile Security research team found that this malware has already targeted over 5 million users.

I Knew It!

The researchers first found this virus on a Xiaomi device. The Wi-Fi service on the Xiaomi device was not behaving as it should: it was asking the user for unwanted permissions such as silent download permission, user calendar access permission, and accessibility service permission. In fact, a Wi-Fi service on an Android smartphone does not need any such permissions. Here is the list of all permissions asked by this malware.

Intelligent Working Method

According to the researchers, this malware contains a dropper component. I know most of you are not familiar with terms like this. In short, a dropper is a tool used to download something onto the device. Once the victim's device connects to the internet, the dropper is downloaded onto the device automatically, and once it is installed, it contacts its server, which sends the components to download onto the victim's device.

RottenSys is built in such a way that it can download anything onto your device silently in the background. This is possible with the DOWNLOAD_WITHOUT_NOTIFICATION permission. Once the malware has finished setting everything up, it starts its malicious activity on the smartphone, such as displaying ads on the home screen as full-screen ads or pop-up ads.
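The permission pattern described above can be checked for on a device you manage. The following is an added example, not code from the original post or from Check Point: it parses text in the layout of `adb shell dumpsys package` and flags system packages that request two or more of the permissions the article mentions. The package names, the sample text, the threshold, and the mapping of "calendar access" and "accessibility service" to concrete Android permission names are assumptions of this example.

```python
import re

# Permissions the article describes the fake Wi-Fi service requesting. Only
# DOWNLOAD_WITHOUT_NOTIFICATION is named on the page; mapping "calendar access"
# and "accessibility service" to the names below is this example's assumption.
SUSPICIOUS = {
    "android.permission.DOWNLOAD_WITHOUT_NOTIFICATION",
    "android.permission.READ_CALENDAR",
    "android.permission.BIND_ACCESSIBILITY_SERVICE",
}

# Constructed sample, simplified from `dumpsys package` layout; hypothetical names.
SAMPLE_DUMPSYS = """\
  Package [com.example.wifiservice] (1a2b3c):
    flags=[ SYSTEM HAS_CODE ]
    requested permissions:
      android.permission.ACCESS_WIFI_STATE
      android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
      android.permission.READ_CALENDAR
      android.permission.BIND_ACCESSIBILITY_SERVICE
    install permissions:
      android.permission.ACCESS_WIFI_STATE: granted=true
  Package [com.example.notes] (4d5e6f):
    requested permissions:
      android.permission.READ_CALENDAR
"""

def parse_packages(dumpsys_text):
    """Return {package: (is_system, [requested permissions])}."""
    packages = {}
    blocks = re.split(r"^\s*Package \[", dumpsys_text.rstrip() + "\n", flags=re.M)
    for block in blocks[1:]:
        name = block.split("]", 1)[0]
        system = bool(re.search(r"^\s*(?:pkgFlags|flags)=\[[^\]]*\bSYSTEM\b", block, re.M))
        section = re.search(r"requested permissions:\n((?:[ \t]+[\w.]+\n)*)", block)
        packages[name] = (system, section.group(1).split() if section else [])
    return packages

def audit(dumpsys_text, threshold=2):
    """Flag system packages requesting `threshold` or more listed permissions."""
    findings = {}
    for name, (system, perms) in parse_packages(dumpsys_text).items():
        hits = sorted(SUSPICIOUS.intersection(perms))
        if system and len(hits) >= threshold:
            findings[name] = hits
    return findings

if __name__ == "__main__":
    for pkg, hits in audit(SAMPLE_DUMPSYS).items():
        print(pkg, "->", ", ".join(hits))
```

A flagged package is a starting point for review rather than proof of infection, since legitimate system components can also hold some of these permissions.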

Money, Money, Money!

After completing their research, the company found some really shocking numbers. In the past 10 days, these unwanted ads popped up nearly 13,250,756 times (these are called impressions in the ad industry). Of those, 548,822 translated into ad clicks.

Now let's take a look at their estimated earnings. According to the estimates, the attackers earned more than $115,000 from this malware attack in only 10 days!