50

"Pre-Installed Malware Found On 5 Million Popular Android Phones"
"added somewhere along the supply chain"

See below how to check if it's installed

Sources:

- (new) https://thehackernews.com/2018/03/...
- (new) https://research.checkpoint.com/rot...
- (old relevant news) https://thehackernews.com/2017/03/...

---

"Rottensys" a malware which covers devices from: Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE

---

"According to our findings, the RottenSys malware began propagating in September 2016. By March 12, 2018, 4,964,460 devices were infected by RottenSys," researchers said.

"At this moment, the massive malware campaign pushes an adware component to all infected devices that aggressively displays advertisements on the device’s home screen, as pop-up windows or full-screen ads to generate fraudulent ad-revenues."

---

If you have one of the affected devices, here's how I checked mine:

1. Install ADB (Windows: https://forum.xda-developers.com/sh...)
2. Connect your device in USB-debugging mode
3. execute "adb shell 'pm list packages -f' > output.txt" (On windows navigate to C:\adb and replace "adb" with ".\adb.exe")
4. open the now created output.txt
5. search for any of those:

com.android.yellowcalendarz (每日黄历)
com.changmi.launcher (畅米桌面)
com.android.services.securewifi (系统WIFI服务)
com.system.service.zdsgt

Comments
  • 3
    @Haxk20 its quoted above, for now it pushes ads to the screen, but its capable of essentially anything
  • 3
    @1989 I wrote them 🤣 but you can get adb from other sources too, it's just easier through the xda installer.
  • 2
    @Haxk20 I wrote at the end of the rant how you can check if you have it installed, not all devices give you an easy way to search by package name
  • 4
    Thank you! I've had hard time figuring out what app is showing popup ads on my dad's phone (Samsung). I didn't expect it to be system app. Let's see if I can find it now.
  • 2
    @joas you're welcome, hopefully it's that or else you would have to look for other adware apps. I think there was some app scanners on the playstore, that did actually check the installed apps too (kaspersky? not sure)
  • 2
    Another reason I don’t use android...
    (Well, google android with ODM junk on top...I might consider using clean android.)
  • 2
    Never heard of this. Also never seen an ad (beside browser) on my phone's screen since 2013. Can anyone beside OP confirm the existence of this malware?
  • 3
    @Agred the research got published on March 14, 2018 (finding that some devices are pre-installed with it) and nobody that isnt actually affected by it, can really "confirm" it.
  • 3
    @JoshBent I know, I know, I just wanted to see if there are some people from community that has been infected 🙂
  • 2
  • 2
    @JoshBent What do you mean by #3 instructions? I have 4 files in C:\adb and I set C:\adb in PATH
  • 4
    Moto Z here
  • 3
    Not Android's fault, which they sent a copy with a virus of...
  • 4
    Glad I installed linage on my xiomi
  • 2
  • 2
    I always root and install a custom rom
  • 3
    😂 fucking hell... Not the first time anything like this has happened, definitely not the last.
  • 2
    @CozyPlanes when you're in C:\adb instead of entering "adb ***" you enter ".\adb.exe ***" (*** being the rest of the command posted above)
  • 2
    @Haxk20 well a fix is to just remove it, if its a system app then most likely you will need to root your device though, except if theres some way to do it via ADB too.
Add Comment