At one point in time, malware seemed to be localized to Windows computers. Over the past few years, it has also become prevalent on other devices, including mobile devices. According to Check Point Research, the latest malware is an adware program that has supposedly infected over 5 million (mostly) Chinese-made smartphones since September 2016. The three most popular brands targeted are Honor, Huawei, and Xiaomi, with phones by OPPO, vivo, Meizu, LeEco, Coolpad, GIONEE, and even Samsung making the list.
The malware in question has been dubbed RottenSys and masks itself as a “Secure Wi-Fi Service” on infected devices. The malware works by displaying ads, which lets the attackers collect revenue on a per-click and per-thousand-impressions basis. Check Point Research found that in a period of 10 days earlier this month, RottenSys served up 13,250,756 ads, which were clicked over 500,000 times, resulting in $115,000 of earnings for the attackers.
As best as Check Point Research can tell, just under half the infected phones came through Tian Pai, a mobile phone supply chain distributor based out of Hangzhou. While these devices appear to be shipping with the adware already installed before purchase, Check Point Research was quick to mention that Tian Pai may have no knowledge of the pre-installed malware. For the full technical analysis of RottenSys, hit up the link at the bottom of this post.
To check if your device is infected with RottenSys, go to Android system settings → App Manager, and then look for the following possible malware package names:
If any of the above is in the list of your installed apps, simply uninstall it.
We do have an Honor 7 that we’re currently reviewing and can confirm that we did not find any of those package names installed on our review device. It’s quite possible this adware is only affecting devices in some markets outside the U.S., but it never hurts to check — especially if you bought a device from one of the affected vendors over the internet.
Last Updated on March 17, 2018.