Is Your Android Smartphone Infected with RottenSys Adware?

CheckPoint Security researchers have discovered that many of the Android smartphones manufactured in China are loaded with an adware that has been named RottenSys. This adware displays full-screen advertisement on Android smartphones and masquerades as a legitimate app. It uses some of the techniques used by trojans and cannot be completely shutdown even forcibly. The researchers first found this adware in the popular Xiaomi Mi smartphones that are being manufactures in China and India. Later, they also found the adware under different names in the Android smartphones of various other companies like Samsung, LeEco, Huawei, Oppo, Vivo, Gionee, etc.

The security researchers for CheckPoint security have identified some of the package names that contain this adware. There are four packages identified by them – com.android.yellowcalendarz, com.changmi.launcher, com.android.services.securewifi, and com.system.service.zdsgt.

You can either manually check for the packages installed in your Android smartphone or use an app called RottenSys Checker developed by Ashampoo Software. This app works in all versions of Android and can tell you if your device is infected with RottenSys or not. After launching this app, you can tap on the Check Now! button and it will tell you whether RottenSys malware app is detected or not.

RottenSys Checker

In case it does find the malware apps on your device, it will give you options to remove the apps. You can tap on the Delete button to get rid of these malware apps. After this, you can reboot your phone and make sure to scan your device once again using a good antivirus app.

You can read more about this RottenSys malware from https://research.checkpoint.com/rottensys-not-secure-wi-fi-service/. This is complete analysis of RottenSys by the CheckPoint Security researchers. They suspect that the infection took place at a packaging facility unbeknownst to the management. This also means that only the devices packaged in the China region are infected with RottenSys adware.