Security researchers came across an adware they named RottenSys (Trend Micro detects this family as ANDROIDOS_ROTTENSYS) that has reportedly affected nearly 5 million Android devices since 2016. Named after a sample they analyzed, RottenSys has 316 variants so far, each customized for the operators’ campaigns and targeted advertisement platform and distribution channel. Further probing into RottenSys revealed that operators were experimenting on it for a new campaign that turns the affected devices into becoming part of a botnet.
[TrendLabs Research: The 2017 Mobile Threat Landscape]
RottenSys is disguised as a Wi-Fi security app/service and asks for Android permissions. Once installed, it connects to its command-and-control (C&C) server after a timed delay — one of the ways RottenSys evades detection. Another is how the adware contains only a dropper component that doesn’t conduct any malicious routine by itself. Here is how RottenSys works:
[From TrendLabs Security Intelligence: GhostTeam Adware can Steal Facebook Credentials]
MarsDaemon affects the device’s performance and can significantly drain its battery. But more than increasing wear and tear, the researchers found that RottenSys’ operators may have already earned more than US$115,000 within a span of 10 days.
As a botnet malware, it enables operators to enslave the devices and surreptitiously install more applications. These render the affected devices themselves a catalyst for further spreading malware.
Users can uninstall RottenSys by going to the device’s system settings. Under the app manager UI, look for these package names and uninstall them:
[DevOps Security: Mobile App Security for Developers]
Indeed, RottenSys is just the latest among the ever-growing list of potentially unwanted applications, particularly adware. While adware used to be limited to being a nuisance, their diversity and maturity in the threat landscape mean they are projected to steal more than user browsing habits or consume more resources. Users need to be more discerning of the apps they download and practice security hygiene. Organizations with BYOD policies, where both personal and corporate data are accessed in the same device, should balance flexibility and productivity with security and privacy.
End users and enterprises can also benefit from multilayered mobile security solutions such as Trend Micro™ Mobile Security for Android™ (also available on Google Play). Trend Micro™ Mobile Security for Enterprise provide device, compliance and application management, data protection, and configuration provisioning, as well as protect devices from attacks that leverage vulnerabilities, preventing unauthorized access to apps, as well as detecting and blocking malware and fraudulent websites.
Trend Micro’s Mobile App Reputation Service (MARS) covers Android and iOS threats using leading sandbox and machine learning technologies. It can protect users against malware, zero-day and known exploits, privacy leaks, and application vulnerabilities.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.