reads the analysis of Check Point.
According to our findings, the RottenSys malware began propagating in September 2016.
By March 12, 2018, 4,964,460 devices were infected by RottenSys, the researchers said.
RottenSys uses two evasion methods.
The first is to postpone any malicious activity, so that no link can be drawn between the malicious app and the malicious activity.
RottenSys is an extremely aggressive ad connection.
The attackers earned more than $115,000 with their malicious ad operation within the last 10 days alone.
The attackers plan to leverage Tencent's Tinker utility virtualization framework as a dropper mechanism.
The payload that will be distributed can turn the victim's device into a slave in a larger botnet.
This botnet will have extensive capabilities including silently installing additional apps and UI automation.
Interestingly, a part of the controlling mechanism of the botnet is implemented in Lua scripts.
Source: THN
Source: www.techworm.net