A report from the cyber-security firm Avast advised that the group has never ceased activity within its operations and it is still continuing to maliciously alter the firmware of more and more devices growing its user base. Avast stated in their report that more than 140 Android smartphones and tablets were affected by this malware. The malware runs from the “/system” folder with has full root access rights and the main role of this malware is to establish a connection to a remote server and download an XML file and install the apps that are in the XML document. The malware is currently being shipped as the firmware component and it can get the handle of the app crooks and install it without the permission of the user.
The apps that are installed by this malware just show the ads on the top of the apps and the Android interface itself. Many Android users have reported ads showing up on their screens. The main aim of the malware is to generate the revenue via ads and no other bad behaviour. When the malware downloads these apps the language is set to Chinese and the public IP of the malware’s server is of China’s. The group operating the malware might be in China but Avast was not able to confirm this.
Avast said that it is currently very hard to track the malware as it runs at the firmware level and there are so many device carrier networks.