The listed android applications are reported as RottenSys packages:
The malware shows significant level of evasion wherein the initial dropper component starts at a pre-defined time and beckons to the C2
server which sends it a list of additional components required for its activity. Using the Open source virtualization framework
-"Small"- it manages to integrate all the components to achieve the combined malicious functionality.
Reportedly these malware aggressively displays advertisements on the device's home screen, as pop-up windows or full-screen ads to
generate fraudulent ad-revenues, having the capability to download malware components without the user consent [the malware has
DOWNLOAD_WITHOUT_NOTIFICATION' permission ], the malware can take complete control of the devices and can perform any activities according
to the attacker's whim.