Massive malware campaign infected 5 million Android devices


Did you know that a recent malware attack called RottenSys infected as many as 5 million Android devices, putting the users of all of those devices at risk of getting hacked and having their data stolen?

Android’s popularity has put a target on its back and has made its users slightly unsafe

Popular tech news site Hacker News reported that new malware had entered the online world, and this time its target is Android, the open-source smartphone operating system backed by the tech giant Google.
Android has unarguably been the most popular and best-selling smartphone OS in the world since 2011. It is currently reported to have more than two billion monthly active users, which gives it the largest installed base of any operating system, not just among smartphones, and one much larger than that of Windows.
Like Windows, which is the number one recipient of malware and virus attacks among computer users because of its popularity in the market, Android is paying the same price for fame, as the number of malware attacks on smartphones has risen.

These attacks on Android smartphones and other supported devices have appeared online in various shapes and forms, primarily as malicious apps. It is reported that more than 4 million new malicious apps for Android have been introduced onto various app download platforms, and this number is expected to increase in the future given the large amount of data and information shared on Android.

Given the popularity of Android, many small brands have also made it the main OS for their phones, which are cost-effective but don’t come with a proper security protocol. It is why many advanced brands like Samsung and LG are safe from such malware attacks. It is the users of low-key brands that are the most vulnerable.

The new malware is called RottenSys and has infected millions of Android phones

According to various online news and tech outlets, a massive attack was reported on as many as 5 million Android devices across the globe. The breach was attributed to malware dubbed RottenSys, which entered those Android devices in the form of a “System Wi-Fi service” application. Although, as we mentioned earlier, Android phones from the big brands were not infected, the malware was able to breach the security protocols of other brands like Vivo, Xiaomi, Huawei, Gionee, and Oppo.

RottenSys is known to act as an aggressive ad network, popping up ads on the Android device without the proper consent of the user. It is reported that as many as 548,822 ad clicks came out of 13,250,756 ad pop-ups in under ten days.

The source of those infected phones was Tian Pai, known to be a mobile device distributor based in Hangzhou, China. Most reports suggested that the distribution company had nothing to do with the malware, but the company is still not out of hot water.

The malware within those Android phones was detected by the Check Point Mobile Security Team, which declared that the System Wi-Fi service app was, in fact, RottenSys, an advanced piece of malware. The team didn’t find any trace of a legitimate Wi-Fi security service within the app, which actively performed malicious activities under the mask of the Wi-Fi app. The security team also stated the following:

“According to our findings, the RottenSys malware began propagating in September 2016. RottenSys infected 4,964,460 devices.”

The Workings of the Android-based malware called RottenSys

Despite the attention of various security outlets, the malware is still hard to identify as a proper virus: it ships with no other malicious components and does not start its malicious activity at once, which makes it even harder for antivirus software to detect. Instead, it pulls its malicious code from external servers; it was reported that RottenSys was built to contact its C&C servers to obtain a list of the components it needs, which mostly contain the malicious code.

The malware used the “DOWNLOAD_WITHOUT_NOTIFICATION” permission so that it needed no permission from the user, which let it avoid detection and do its damage to the Android device in the background. Because it never has to ask for consent, RottenSys is free to install new components from its C&C servers and cause more mayhem on the phone.

Botnet and DDoS attacks are the number one form of stealing information and causing chaos within the network of an average user, and this is what emerged from the reports on RottenSys and on the hacking group that designed it. All of those five million Android phones were at risk of being turned into a botnet.

The means to avoid malware attacks on Android devices – Final Thoughts

Regardless of the mechanism or platform that users rely on, these malware attacks are unstoppable, as some people wish to cause disruption all the time. The attacks have increased primarily because of our over-reliance on digital platforms of all kinds. That is why it is necessary to take steps to prevent such attacks so that they don’t halt our working routine. Above all, every user of an Android phone or a computer system should know how to detect and remove Android malware.

Here are the steps to remove the RottenSys malware from the Android system:

  • Tap into the settings of the phone and locate the App Manager/App settings;
  • Uninstall the following malware apps if they are installed on your Android phone:
    – com.changmi.launcher;
    – com.system.service.zdsgt;
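
The same check can be run over a device's package dump instead of by hand. The script below is an added example, not code from the article or from Check Point: it reads text in the layout printed by `adb shell dumpsys package`, reports the two package names listed above, and separately lists any other package that requests the DOWNLOAD_WITHOUT_NOTIFICATION permission described earlier. The sample dump is constructed and abbreviated, and `com.example.filemanager` is a hypothetical package.

```python
import re

# Package names the article lists for removal.
ROTTENSYS_PACKAGES = {"com.changmi.launcher", "com.system.service.zdsgt"}
SILENT_DOWNLOAD = "android.permission.DOWNLOAD_WITHOUT_NOTIFICATION"

# Constructed sample: abbreviated `adb shell dumpsys package` output.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.android.settings] (1a2b3c):
    requested permissions:
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
  Package [com.system.service.zdsgt] (4d5e6f):
    requested permissions:
      android.permission.INTERNET
      android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
  Package [com.example.filemanager] (7a8b9c):
    requested permissions:
      android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
"""

def requested_permissions(dumpsys_text):
    """Map each package name to the set of permissions it requests."""
    perms, pkg, in_requested = {}, None, False
    for line in dumpsys_text.splitlines():
        header = re.match(r"\s*Package \[([\w.]+)\]", line)
        if header:
            pkg, in_requested = header.group(1), False
            perms[pkg] = set()
        elif line.strip() == "requested permissions:":
            in_requested = pkg is not None
        elif in_requested and re.fullmatch(r"\s+[\w.]+", line):
            perms[pkg].add(line.strip())
        else:
            in_requested = False  # any other line ends the section
    return perms

def triage(dumpsys_text):
    """Return (known RottenSys packages, other silent-download requesters)."""
    perms = requested_permissions(dumpsys_text)
    known = sorted(p for p in perms if p in ROTTENSYS_PACKAGES)
    review = sorted(p for p, req in perms.items()
                    if SILENT_DOWNLOAD in req and p not in ROTTENSYS_PACKAGES)
    return known, review

if __name__ == "__main__":
    known, review = triage(SAMPLE_DUMPSYS)
    print("uninstall:", known)
    print("review (the permission alone is not proof of infection):", review)
```

Packages in the second list are only candidates for a closer look, since legitimate apps can request the same permission.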

It is also wise to install antivirus software on your Android phone that is capable of detecting even the slimiest of malware before it reaches its trigger points. Such antivirus software is capable not only of removing malware from the depths of the Android phone but also of boosting its sluggish speed even if malware has infected the smartphone.

It is also essential not to use malicious or unverified platforms to download apps and other files, as they are an evident hub for such malware to breed and infect your Android phone at first sight.

About the author
Jake Doevan
Jake Doe is a security expert and news editor of His major is Communication and Journalism, which he obtained from the Washington and Jefferson College.
