Even as Google continues to implement new policies to make Android safer, security researchers keep finding severe flaws in the OS that could potentially compromise the privacy and security of millions of users around the world. One of the disconcerting things about Android security is the growing instances of malware being shipped pre-installed on phones and tablets. What’s even more alarming is that these malware aren’t only being shipped on devices from smaller, lesser known brands, but on phones from giant multinational enterprises, such as Huawei, Xiaomi, and even Samsung.

Meet Pre-installed Malware ‘RottenSys’

Cyber-security researchers at

Spotting the Malware

CheckPoint researchers first spotted RottenSys in a Xiaomi Redmi device, where it was provide any Wi-Fi service at all. It also asks for a bunch of permissions that have nothing to do with Wi-Fi anyways, like, accessibility service permission, user calendar read access and silent download permission (see image below).

Image Courtesy: Check Point Research

RottenSys in Numbers

As far as the timeline is concerned, the Check Point Mobile Security team says that the RottenSys malware began propagating in September 2016, and by March 12, 2018, as many as 4,964,460 devices were infected by it. Users in China seem to be the primary targets of the malware, seeing as it is adapted to use the ad platforms of Chinese tech giants Tencent and Baidu for its fraudulent operations.

Image Courtesy: Check Point Research

Modus Operandi

According to researchers, any user interaction.

What’s staggering is that RottenSys goes much beyond being a (relatively) harmless adware. According to CheckPoint, the cyber-criminals deploying the software have also been testing a new botnet campaign via the same command-and-control server.

Show Me the Money

The researchers have also detailed exactly how the software avoids detection while going about its merry ways, increasing data download charges, reducing battery life, affecting performance, and putting stress on the hardware. According to the company, RottenSys “popped aggressive ads 13,250,756 times (called impressions in the ad industry), and 548,822 of which were translated into ad clicks”.

At a conservative estimate of 20 cents for each click and 40 cents for each thousand impressions, the researches believe the software has already been able to earn over $115k for cyber-criminals in just a ten-day period.

Image Courtesy: Check Point Research

How to Get Rid of RottenSys From Your Device?

Luckily, the researchers have also detailed an easy way of getting rid of the malware, in case you have it on you device. All you need to do is