- Feb 4, 2016
A Chinese malware operation is currently building a massive botnet of nearly 5 million Android smartphones using a strain of malware named RottenSys.
In its current form, RottenSys is being used to aggressively display ads on users' devices, but researchers from security firm Check Point have found evidence that crooks are deploying a new Lua-written module for gathering all infected handsets into a giant botnet.
"This botnet will have extensive capabilities including silently installing additional apps and UI automation," researchers said, fearing that crooks may get brazen and abuse RottenSys for something more intrusive and damaging to the user, rather than just displaying ads on their screen.
RottenSys uses virtualization and "undead" processes
There have been other Android malware families observed in the past, but few managed to infect so many devices. The reasons behind RottenSys' success are found in its code.
The malware uses two open-source projects shared on GitHub: Small, an application virtualization framework, and MarsDaemon, a library that keeps apps "undead."
First, RottenSys uses Small to create virtualized containers for its internal components, allowing them to run in parallel (something the Android OS does not natively support) and helping with the app delivery process.
Second, RottenSys uses MarsDaemon to keep processes alive, even after users close them, making sure the ad injection mechanism cannot be turned off.
RottenSys active on the Chinese market
The only weak spot in the malware's internal mode of operation is its installation routine. Apps infected with RottenSys tend to ask for a huge list of permissions. Attentive users can easily spot and avoid installing such apps. But, alas, not all Android users are privacy-conscious, and most day-to-day users will tend to give apps all the permissions they need.
Mind you, there's no Google Play Store in China, so most users aren't aware of proper Android security best practices and will install apps from shady third-party stores on a regular basis.
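As an added example (not code from the article or from Check Point), one way a reviewer can apply the over-permission cue described above: parse an app's AndroidManifest.xml (extracted beforehand with a tool such as apktool, which is assumed) and flag packages that request many runtime permissions, especially alongside permissions that help an app persist or install other packages. The permission sets and sample manifests below are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of Android's runtime ("dangerous") permissions. An app asking for
# many of these at once is the "huge list of permissions" cue from the article.
DANGEROUS = {
    "android.permission.READ_SMS", "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS", "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.READ_PHONE_STATE",
    "android.permission.READ_EXTERNAL_STORAGE", "android.permission.WRITE_EXTERNAL_STORAGE",
}
# Permissions that let an app restart after boot, draw over other apps, or
# request package installs; relevant to "undead" behaviour and silent installs.
PERSISTENCE = {
    "android.permission.RECEIVE_BOOT_COMPLETED",
    "android.permission.REQUEST_INSTALL_PACKAGES",
    "android.permission.SYSTEM_ALERT_WINDOW",
}

def manifest_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}

def triage(manifest_xml, max_dangerous=4):
    """Flag a manifest as suspicious when it over-requests runtime permissions,
    or combines any dangerous permission with a persistence-related one."""
    perms = manifest_permissions(manifest_xml)
    dangerous = sorted(perms & DANGEROUS)
    persistence = sorted(perms & PERSISTENCE)
    suspicious = len(dangerous) > max_dangerous or bool(dangerous and persistence)
    return {"dangerous": dangerous, "persistence": persistence, "suspicious": suspicious}

def sample_manifest(package, perms):
    """Constructed minimal manifest (real ones carry many more elements)."""
    body = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{body}</manifest>')

# Constructed samples: a plausible flashlight app versus an over-permissioned one.
FLASHLIGHT = sample_manifest("com.example.torch", ["android.permission.CAMERA"])
GREEDY = sample_manifest("com.example.greedy", sorted(DANGEROUS | PERSISTENCE))

if __name__ == "__main__":
    for name, m in (("flashlight", FLASHLIGHT), ("greedy", GREEDY)):
        print(name, triage(m))
```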