RottenSys Android Malware – How Chinese Criminals Exploit IT

Overall, the world has a lot of reasons to be grateful to Android, RottenSys Android Malware is not one of them.  It has effectively brought capable smart devices within the budgets of people who either can’t afford or just don’t want to pay for iOS gadgets. It also has a lot of appeal to people who don’t like to be confined within Apple’s “walled garden” and consider themselves willing and able to navigate their way through the jungle of Google Play.

At the same time, the fact that even budget Android devices pack a decent amount of technological power and are, quite literally, in the hands of people who don’t necessarily know their way around IT security, is becoming a potential cause for concern.

While Apple must have been hugely embarrassed by the revelation that a security flaw in certain Mac OS devices allowed anyone to log in as an administrator, the reality was that it would only be an issue in a restricted set of circumstances and would require physical access to the computer.

By contrast, intelligence provided by security firm Check Point suggests that Chinese criminals have used a piece of malware called RottenSys to target up to 5 million Android smartphones. Up until now, the criminals have contented themselves with simply displaying adverts on the phones and collecting the resulting revenue (around $10,000 per day), however, Check Point believes that the criminals behind the scam have stepped up their efforts and are now either in or near a position in which they could use the infected handsets as a botnet.

At the moment, the scam is believed to target only handsets which are bought in China and used in China and there appear to be a couple of reasons for this.

Firstly, there is a suggestion that some instances of the malware are a result of an insider (or insiders) at the factory who have access to consignments of handsets intended for the mainland Chinese market and who are infecting the handsets before they reach the shop.

Secondly, as yet, Google Play does not operate in China and so the app market is a bit more of a “freefor-all” with Chinese consumers who are, understandably, quite used to the idea of downloading thirdparty apps from non-Play sources (indeed having basically no other alternative). Hopefully, the fact that Google Play exists in most of the world should mean that users in other countries can stick to using apps from a relatively safe source.

Admittedly, the safety of the apps on the Google Play store depends entirely on Google’s vigilance in monitoring it but, given the reputational and commercial issues at stake, it’s probably a reasonable assumption that Google will wish to maintain user confidence in its store. So, it is probably rather less likely that such an attack could take place elsewhere, although it does highlight the importance of educating users, of all ages, on the importance of respecting fundamental IT security precautions.