Chinese hackers building a botnet out of five million compromised Android devices

RottenSys malware used to create army of bots

botnet

Security researchers have discovered malware that could be assembling a botnet army composed of five million compromised Android devices.

Researchers from cyber security firm Check Point said that the RottenSys malware was targeted at Android users through an app disguised as a WiFi service. It was originally used as malware to serve fraudulent ads on users' displays.

RottenSys has been active since September 2016, amassing approximately 4,964,460 devices by March this year. The top impacted mobile devices brands are Honor, Huawei, and Xiaomi. With its ad serving capabilities, it has been able to make $115,000 in revenues every ten days.

But now evidence has come to light that a new module in the malware is attempting to create a botnet. Researchers said that hackers have been testing a new botnet campaign via the same command and control server since the beginning of February 2018.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The attackers plan to leverage Tencent's Tinker application virtualization framework as a dropper mechanism. The payload which will be distributed can turn the victim device into a slave in a larger botnet," the researchers said.

"This botnet will have extensive capabilities including silently installing additional apps and UI automation. Interestingly, a part of the controlling mechanism of the botnet is implemented in Lua scripts. Without intervention, the attackers could re-use their existing malware distribution channel and soon grasp control over millions of devices."

According to researchers, the malware may have entered the user's devices before purchase with half of them bought through a Chinese distributor. This suggests that a rogue employee or group may be behind the infection.

Researchers said that users can uninstall the RottenSys dropper if they know the exact package name to remove. At the present time, researchers could not say how the hackers might try to use the botnet they have created.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now
Advertisement

Most Popular

Visit/policy-legislation/data-governance/354496/brexit-security-talks-under-threat-after-uk-accused-of
data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/operating-systems/microsoft-windows/354526/memes-and-viking-funerals-the-internet-reacts-to-the
Microsoft Windows

Memes and Viking funerals: The internet reacts to the death of Windows 7

14 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020