RottenSys - Android malware for ad fraud
Disguised as a harmless Wi-Fi service, the hidden malware RottenSys comes pre-installed on millions of Android devices. During tests, a team from Check Point Research discovered that the service is a next-generation spyware that floods devices with ads. To achieve this, the malware requests system permissions to silently download additional components, which are then used to display advertisements and to generate fraudulent ad revenue.
Play it safe, fast and free of charge
Based on information provided by Check Point Research, Ashampoo® RottenSys Checker quickly scans your device for the RottenSys malware and lists all malicious software packages. The malware can then be completely removed with a simple tap.
- Download Ashampoo® RottenSys Checker from Google Play Store
- Tap to launch and tap again to run the test
- Identified threats can be removed with a simple tap
Devices likely infected within the distribution chain
Check Point Research has traced the majority of infected devices back to the distributor Tian Pai. It is therefore likely the devices were infected prior to shipment. According to present knowledge, only devices directly imported from China are affected.
That's why a wide range of different devices are affected. With over 700,000 infected devices, Honor has been hit the hardest, followed by Huawei, Xiaomi and Oppo. Even premium manufacturers like Samsung are affected, if only slightly.
After a successful infection, RottenSys bothers users with aggressively displayed ads on their home screens or through pop-up windows and full-screen ads. So far, RottenSys has only acted as adware, but it has the potential to become a far more serious threat. Using the DOWNLOAD_WITHOUT_NOTIFICATION permission, RottenSys can sneak newly downloaded components past all common security restrictions. RottenSys has been distributed since 2016 and became active for the first time in 2017 with lucrative results for the developers:
Check Point Research: "RottenSys is an extremely aggressive ad network. In the past 10 days alone, it popped aggressive ads 13,250,756 times (called impressions in the ad industry), and 548,822 of which were translated into ad clicks."
It is estimated the attackers earned over $115,000 with RottenSys in the last 10 days alone.
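The following is an added example, not part of the original page and not Ashampoo's or Check Point's code: a small Python audit that lists which installed packages request or hold the DOWNLOAD_WITHOUT_NOTIFICATION permission mentioned above, by parsing text in the layout of `adb shell dumpsys package`. The sample dump and its package names are constructed, and requesting this permission alone does not identify RottenSys; it only narrows down which packages deserve a closer look.

```python
import re

PERM = "android.permission.DOWNLOAD_WITHOUT_NOTIFICATION"

# Constructed sample in the layout of `adb shell dumpsys package`;
# the package names are made up for this example.
SAMPLE = """\
Packages:
  Package [com.example.wifiservice] (1a2b3c):
    userId=10071
    requested permissions:
      android.permission.INTERNET
      android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.DOWNLOAD_WITHOUT_NOTIFICATION: granted=true
  Package [com.example.notes] (4d5e6f):
    requested permissions:
      android.permission.INTERNET
  Package [com.example.gallery] (7a8b9c):
    requested permissions:
      android.permission.DOWNLOAD_WITHOUT_NOTIFICATION
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
SECTION_RE = re.compile(r"^\s*([A-Za-z ]+):\s*$")  # e.g. "requested permissions:"


def audit(dumpsys_text, perm=PERM):
    """Return {package: {'requested': bool, 'granted': bool}} for packages listing perm."""
    findings, pkg, section = {}, None, None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:  # a new package block starts, reset the section
            pkg, section = m.group(1), None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        # Permission lines look like "<name>" or "<name>: granted=true, ..."
        if pkg is None or line.strip().split(":")[0] != perm:
            continue
        entry = findings.setdefault(pkg, {"requested": False, "granted": False})
        if section == "requested permissions":
            entry["requested"] = True
        elif section in ("install permissions", "runtime permissions"):
            entry["granted"] = entry["granted"] or "granted=true" in line
    return findings


if __name__ == "__main__":
    for name, state in audit(SAMPLE).items():
        print(name, state)
```

To check a real device, save the output of `adb shell dumpsys package` to a file and pass its contents to `audit()`.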