Android fans have been warned after an “aggressive” form of malware was found to have infected almost five million devices.

The malicious software has been dubbed RottenSys and it disguises itself as a tool to help manage Wi-Fi connections.

But instead of doing that, the malware asks for sensitive Android permissions such as the silent download permission and the accessibility service permission.

Security experts Check Point said the malware could have entered devices during the supply chain process.

They said devices that could be affected were made by Samsung, Huawei, Honor, Xiaomi, OPPO, Vivo and GIONEE.

Check Point added that all infected devices were distributed by an outsourced mobile phone supply chain distributor called Tian Pai that’s based in China.

In a blog post, the security experts said: “According to our findings, the RottenSys malware began propagating in September 2016. By March 12, 2018, 4,964,460 devices were infected by RottenSys.”

They added: “RottenSys is an extremely aggressive ad network. In the past 10 days alone, it popped aggressive ads 13,250,756 times (called impressions in the ad industry), and 548,822 of which were translated into ad clicks.”

Check Point discovered RottenSys on a Xiaomi Redmi phone, with the device in question asking for “many” sensitive permissions not related to Wi-Fi.

The security experts said the malware uses a number of tactics to stay hidden, and that the software severely hit performance and battery life.

Speaking about how devices were infected with RottenSys, Check Point said: “In the list of observed malware distribution channels, we saw two names which suggest a possible connection to a Hangzhou based mobile phone supply chain distributor Tian Pai.

“Tian Pai related channels contribute 49.2% of the total number of infested devices that we observed.

“According to China National Enterprise Credit Information Publicity System, Tian Pai offers a wide range of services from presales customization, online/offline wholesale to customer care. It covers regional sales of top brands in the market such as Samsung, HTC, Apple, Xiaomi, ZTE, Coolpad, Lenovo, and Huawei.

“Tian Pai may not be a direct participant in the campaign. Yet, this correlates with our hypothesis that the malware entered the user’s device before purchase.”

To check if your Android device is infected with the RottenSys malware, head to the Android system settings.

Then, Check Point advised, go to the App Manager and check for the following malware packages and uninstall them:

• android.yellowcalendarz

• changmi.launcher

• android.services.securewifi

• system.service.zdsgt
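
The same check can be scripted against a package listing pulled from the device over adb. This is an added example, not code from Check Point or the original article; the function name `rottensys_scan`, the sample listing and the suffix-matching rule (a listed name may appear on a device with extra leading components) are assumptions.

```shell
#!/bin/sh
# Added example. Package names are copied exactly from the list above.
ROTTENSYS_PKGS="android.yellowcalendarz
changmi.launcher
android.services.securewifi
system.service.zdsgt"

# Reads `pm list packages` or `pm list packages -f` output on stdin and prints
# every installed package that equals a listed name or ends in ".<name>"
# (assumption: a device may show extra leading name components).
# Returns 0 if anything matched, 1 otherwise.
rottensys_scan() {
    found=1
    while IFS= read -r line; do
        line=$(printf '%s' "$line" | tr -d '\r')   # adb output can carry CRs
        case "$line" in
            package:*) pkg=${line#package:} ;;
            *) continue ;;                          # skip warnings, blank lines
        esac
        pkg=${pkg##*=}                              # -f form: <apk path>=<name>
        for ioc in $ROTTENSYS_PKGS; do
            case "$pkg" in
                "$ioc"|*."$ioc") printf '%s\n' "$pkg"; found=0 ;;
            esac
        done
    done
    return "$found"
}

# Constructed sample listing (not taken from a real device).
sample_listing() {
    cat <<'EOF'
package:com.android.settings
package:/system/app/Wifi/Wifi.apk=com.example.android.services.securewifi
package:com.example.notandroid.yellowcalendarz
package:changmi.launcher
EOF
}

# On a workstation with a device attached: adb shell pm list packages | rottensys_scan
sample_listing | rottensys_scan || echo "no listed packages found"
```

A hit on the suffix rule alone is a lead to confirm in the App Manager, not proof of infection.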

In other Android news, Express.co.uk recently revealed that the Android Oreo successor – Android P – will have a great security feature.

It’s rumoured that the official unveiling of Android P, the next major version of Android, could be coming soon.

And ahead of the launch, details have emerged about what features will be in the latest version of Google’s mobile OS.

Due to the software’s open source nature, we already have an idea of some of the tweaks Google is working on for Android right now.

And one big new feature that’s in the pipeline will provide a major security boost for users.

According to XDA Developers, Android P will stop background apps from accessing your phone’s microphone or camera without you noticing.

This will ensure that malicious apps that run in the background can’t take compromising pictures that can then be used to blackmail a victim.

The new Android P feature was spotted in an Android Open Source Project (AOSP) commit.


