Attack of the Phones.

Time to read
2 minutes
Read so far

Attack of the Phones.

Thu, 03/29/2018 - 20:44
Posted in:

Checkpoint are on point, to say the least – their latest triumph has been the discovery of a creeping and creepy malware already infecting over 5 million Android phones.

Creeping because the numbers are growing and creepy, because your phone comes with this malware pre-installed.  Checkpoint believe that this malware was added into the supply chain and to phones as far back as September 2016.  

Check Point researchers have tracked this back to the distributor Tian Pai which has meant a large range of phones have been infected, namely Honor, Huawei, Xiamo and Oppo. If you haven't heard of any of them, they think that Samsung got hit too. 

[Cyberhub Summit Coming to Austin, Tx | May 3, 2018 - Cyber Security education for executives and business owners, Exclusive Dinner and Powerful Networking. | Get the latest from Cyberhub Summit by signing up for their newsletters. ]

As of now, there are two solutions to apply a band aid to the current mess. The first is to check for the following apps in your app Manager and delete them. 

  • com.changmi.launcher (畅米桌面)
  • (系统WIFI服务)
  • com.system.service.zdsgt
  • (每日黄历)

Another solution would be to download the app 'Ashampoo RottenSys Checker' for free to scan your cell for the malware, which scans your system and removes the malware with your agreement, this is free.  

That's right your brand-new Android phone from China comes complete with a special "System Wi-Fi service" that’s going to bug you with ads all day long. RottenSys, the named malware doesn't even provide secure Wi-Fi, it just takes almost all sensitive Android permissions to enable attacks. 

So, without clicking a button or in this case, swiping or scrolling, RottenSys has full access to cell phone command and control servers and can start sorting through your preferences and activating the malicious code.  

Then the unsuspecting phone owner will start receiving a full-scale onslaught of unregulated ads, already making the cybercriminals revenues in the hundreds of thousands of dollars, because believe it or not, some of us don't just dismiss the ads or even if we do, with advertisers being charged, per impressions or click, the advertisers will have to pay the criminals, whether they like it or not.  

Researchers have stated that "RottenSys" is one of those seriously hostile ad networks, popping over 13mil ads in ten days and gaining over half a million clicks.   

If any Android phone owner wasn't concerned about cybersecurity on their cell before, they probably are now, especially if they have a phone that acts like a door-to-door salesman.  It's all pretty annoying and unfortunately for the Android users, it doesn’t end there or at least that’s what the Security experts are expecting.  

Apart from overloading users with ads, the malware has the potential of starting a Phone-war led by bots, that will flood other apps into the phone and mess with the victims User interface.  The design of RottenSys means that it can both download and install new components and hackers can take control at a later date over the mobile device.  This isn’t merely a prediction, some of the phones have already been found to by silently installing apps and of course automated UI.
The producers of the phones are claiming ignorance and this would mean that somewhere along the supply chain, RottenSys was added in, a little gift spliced into your phones software which wasn't identified. 

This definitely shows a significant upgrade in mobile ransomware and will have all of us looking suspiciously at our phones or at least, thinking long and hard before we purchase the next one. 

By James Azar on 3/29/18

Article first reported at CyberHub Summit