In recent months, government agencies across the Western hemisphere, as well as large corporations, have repeatedly come under cyber attack. The attacks have had a variety of aims: disrupting servers, compromising important data, obfuscating information and, in many cases, simply disrupting a corporation’s operations to hurt its stock valuation. Most of these attacks have been carried out by independent Chinese groups in multiple different ways. Ransomware, phishing and malware attacks have increased in 2018. There were fears that the Chinese had accelerated their cyber warfare ambitions; however, the exact details were unknown.
Yesterday, it was revealed that the Chinese malware operation is far bigger and more comprehensive than previously imagined, as it now counts 5 million devices in its cyber army. These bots have served a variety of purposes. The new malware that has emerged, titled “RottenSys”, targets smartphones this time. The purpose of this malware is to aggressively target civilians and push ads on their devices. It was considered a harmless, if unethical, exercise until it was further revealed that a new Lua-written module had been placed in these ads which would also convert the affected devices into a botnet without the user even realizing.
This new botnet has extensive capabilities, including the ability to install additional apps without the user having a clue. Most of these apps utilize UI automation, which concurrently hides the apps being installed. As of right now, there is no indication that the developers behind RottenSys have been abusing user information or using the infected devices for cryptomining-related activities. The group that discovered this practice stated that although these crooks might not be abusing this loophole right now, some other group might realize this deficiency in the smartphones’ security and exploit it for some other purpose.
The group, Check Point, has additionally revealed that this practice may have been going on since 2016. Other activities like this have been going on in the same period, but none of them has been able to affect as many as 5 million devices.
Check Point has stated that it is willing to work with law enforcement agencies to tackle this practice and prevent it from continuing any further.