RottenSys

By GoldSparrow in Adware

A growing number of adware families target Android devices exclusively. Some Android adware families are far more successful than others and have managed to compromise millions of devices. An example of this is the RottenSys adware family. Security experts believe that so far, the RottenSys adware program has been installed on over 5,000,000 Android devices. It would appear the majority of the affected Android devices are located in China. The most interesting fact about the RottenSys adware program is that it may be delivered via a supply-chain attack, as there have been brand-new devices that had the application already installed on them by the time they reached the consumer.

The RottenSys adware program is disguised as a WiFi utility, and as soon as it is active, it will ask the user to give it a very lengthy list of permissions. Most of the permissions requested by the RottenSys utility have no relation to WiFi, which may make some users suspicious. The RottenSys program will ask for over 30 permissions, including to manage the settings of the Android device, to change the background, to use notifications, to download files, and many others.

When the RottenSys program has been granted the permissions it requested, it will remain silent for a certain period. This is likely done so that the user does not realize that the spam of unwanted advertisements has been caused by the presence of the RottenSys program on their Android device. Interestingly enough, the RottenSys adware program does not have all of its components when it is delivered to the breached device. Instead, the RottenSys program has to connect to its operators' C&C (Command & Control) server to download the missing components. If the RottenSys adware program has received all the permissions it has requested, then this utility can download files without notifying the Android user. Once the RottenSys adware program has completed these tasks, it will begin bombarding the user with unwanted ads via their notifications menu, Web browser, and even the home screen of the device.
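The permission mismatch and the silent-download capability described above can be checked from an app's decoded manifest. The following is an added example, not code from the original article: the baseline set, the mapping of the article's described behaviours to Android permission names, the `max_extra` threshold, and the sample manifest (package `com.example.wifitool`) are all assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumption: permissions a genuine WiFi utility could plausibly need.
WIFI_BASELINE = {
    P + "ACCESS_WIFI_STATE", P + "CHANGE_WIFI_STATE",
    P + "ACCESS_NETWORK_STATE", P + "CHANGE_NETWORK_STATE",
    P + "INTERNET", P + "ACCESS_FINE_LOCATION",  # location gates WiFi scans
}

# Assumption: permission names matching behaviours the article describes.
HIGH_RISK = {
    P + "DOWNLOAD_WITHOUT_NOTIFICATION": "download files silently",
    P + "WRITE_SETTINGS": "manage device settings",
    P + "SET_WALLPAPER": "change the background",
}

def audit_manifest(manifest_xml, baseline=WIFI_BASELINE, max_extra=5):
    """Flag permissions unrelated to the app's claimed WiFi function."""
    root = ET.fromstring(manifest_xml)
    requested = {
        el.get(ANDROID_NS + "name")
        for tag in ("uses-permission", "uses-permission-sdk-23")
        for el in root.iter(tag)
        if el.get(ANDROID_NS + "name")
    }
    unrelated = sorted(requested - baseline)
    high_risk = {p: HIGH_RISK[p] for p in unrelated if p in HIGH_RISK}
    return {
        "package": root.get("package"),
        "requested": len(requested),
        "unrelated": unrelated,
        "high_risk": high_risk,
        # Suspicious if any high-risk capability or many unrelated requests.
        "suspicious": bool(high_risk) or len(unrelated) > max_extra,
    }

# Constructed sample manifest (not taken from a real RottenSys package).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wifitool">
  <uses-permission android:name="android.permission.ACCESS_WIFI_STATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.WRITE_SETTINGS"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.DOWNLOAD_WITHOUT_NOTIFICATION"/>
</manifest>"""
```

The manifest text is expected in decoded XML form, so a binary manifest pulled from an APK has to be decoded first.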

In July 2018, the RottenSys adware program managed to compromise 800,000 new devices, which was the peak of the activity of this tool. The C&C server operated by the creators of the RottenSys adware program appears to have a botnet framework. It is likely that the compromised devices may be hijacked by a botnet and utilized in future hacking campaigns.

Many users overlook the safety of their mobile devices. If you want to avoid falling victim to mobile malware and adware campaigns, make sure to obtain a reputable anti-spyware application compatible with your OS.
