Israel-based Check Point Security has revealed the presence of a malware family called RottenSys in smartphones. Disguised as a Wi-Fi service, it helps attackers earn revenue through forced ads.
This mobile adware has affected 5 million devices since it came to light in 2016. Check Point’s findings further state that the malware started in 2016 and that by March 12, 2018, smartphones from brands such as Honor, Huawei and Xiaomi were affected. The total number of devices affected was 4,964,460 so far.
A similar system Wi-Fi service present on phones from Chinese smartphone manufacturer Xiaomi requests many sensitive Android permissions, such as accessibility service permission, user calendar read access and silent download permission. None of these is related to providing a Wi-Fi service.
The forced ad network has so far garnered 548,822 ad clicks, which has helped the attackers earn $115k in the last ten days.
Speaking on the development, Vijay Ramachandran, a veteran enterprise technology watcher, says that the detection of this threat only illustrates the perfect storm created by the concurrent rise in mobile workers and malware. “That the attackers have been testing a new botnet campaign has serious consequences for corporates and their staff, who can easily become unwitting participants in an attack.”
He further states that it becomes more critical for IT and security teams to have visibility into all devices accessing corporate networks and data, specifically into the applications on the devices and their behavior.
Indrajeet Bhuyan, an independent security researcher, pointed out that since so many people in India use smartphones made by these brands, the impact will be huge in India, as not many are aware of such malware, which comes pre-installed on the phone, and remote access in this case might lead to crypto mining and large-scale botnet attacks.
This is not a one-off incident. There have been numerous incidents of privacy issues on smartphones from across the world. For example, a report from Tencent Holdings and the Data Centre of China Internet pointed out that 97% of Android applications on Chinese phones had access to users’ privacy. One-fourth of these applications had been proven to violate this privacy. In a country where 96.3% of internet users are on their phone, this is a serious threat.
Chinese smartphones also have a tradition of being easily infected by malware. For example, in 2016, it was discovered that a lot of cheap Chinese smartphones used microchips built by Taiwan-based company MediaTek. These chips became infamous because of a setting that allowed hackers root access to these mobile devices. Root access allows a person to read, modify and delete important system and personal files without the user realising that any changes had been made.
But what makes the malware more worrying is the fact that the attackers, according to the report by Check Point, are planning to test new botnet campaigns through this malware, which will remotely control people’s mobile devices and use them for large-scale botnet attacks.
However, China has not just been a victim of smartphone security breaches. In August 2017, in the midst of the Doklam stand-off, the Indian government ordered a few smartphone manufacturers to provide details of the manufacture of their devices to verify that there were no security threats. The majority of those companies ordered to provide information were Chinese.