Short Bytes: Check Point security researchers have published the details of a massive malware campaign that infected Android smartphones. Called CopyCat, this malware was able to infect about 14 million devices and root 8 million of them. The malware was spread via phishing and third-party app stores which hosted malicious versions of popular apps. While the malware campaign has been stopped, it’s possible that your phone is still infected from before the campaign ended.
Following the recent outbreak of the WannaCry and Petya/NotPetya malware, which targeted Windows machines, an Android malware is making headlines. According to a new report published by Check Point researchers, CopyCat has infected about 14 million Android smartphones and rooted about 8 million of them.
If you’re interested in numbers, following infection by CopyCat, about 3.8 million devices served fraudulent ads, 4.9 million fake apps were installed, and 4.4 million devices were used to steal credit for installing applications. It should be noted that the CopyCat malware reached its peak between April and May 2016.
The security researchers first came across the malware when it attacked devices protected by Check Point SandBlast Mobile. By retrieving information from the malware’s command and control servers, they were able to get an idea of how CopyCat works.
CopyCat was able to infect so many devices with the help of phishing scams and third-party app stores that hosted popular apps repackaged with malware. Researchers found no evidence of CopyCat being distributed via the Google Play Store.
As for its abilities, CopyCat is a fully developed malware with dangerous capabilities such as rooting devices and establishing persistence. It’s also able to inject code into Zygote, the daemon responsible for launching apps in Android OS.
CopyCat uses state-of-the-art technology to perform various types of ad fraud. It first roots the device, which gives the attackers full control of it. By launching malicious code in Zygote, the attackers earn revenue by getting credit for fraudulently installed apps under their own ID. They also use their control over the system to display fake ads and install fraudulent apps. With these tactics, the creators of the CopyCat adware have generated a large amount of profit.
Earlier this year in March, Check Point informed Google about the CopyCat malware campaign and how it works. As a result, the infection was curbed. However, it’s possible that your device might still be infected by CopyCat.
More than 50% of the devices were rooted due to outdated security patches, so, as with any other operating system, Android users must keep their systems updated and follow standard security practices.
You can read more about the CopyCat malware in this technical report.