Laying out the facts and rumors behind the devastating malware “CopyCat,” and
how it is infecting and rooting Android smartphones around the globe.
The news of a malicious software called “CopyCat” has been making its rounds online recently.
It is said to have infected more than 14 million Android devices.
This malware, running on Google’s OS for mobile phones, is wreaking havoc.
So far, it has supposedly rooted over 8 million devices. So, if you have a reason to believe your phone is not protected enough, now would be a good time to look into that.
The cyber security firm Check Point has released a report stating that this particular malware has earned the hackers close to $1.5 million in revenue generated from fake ad campaigns.
Even though the malware started off by infecting devices in Southeast Asia, Check Point also mentioned that it managed to infect around 280,000 users in the United States.
How CopyCat Works
The malicious software disguises itself as a popular app for Android, which users have to download from a third-party store.
As soon as it’s downloaded, the CopyCat malware starts collecting data from victims’ devices all the while downloading rootkits that would eventually root the smartphone.
When the Android device has been successfully rooted, the malware completely removes the device’s defenses and injects a particular code into the Zygote app that automatically displays fraudulent ads on useless apps in order to generate revenue.
So far, the majority of victims have been people from Indonesia, India, Pakistan, Bangladesh and Myanmar.
According to recent reports, the CopyCat malware has also found its way into more than 381,000 Android devices in Canada, as well as over 280,000 users in the U.S.
The researchers signaled Google about the malware and knew that the search engine giant had the capability to stop the attacks—but not before the attacks spread out even further.
Nonetheless, Check Point said there could still be devices infected by this malware today.
It is presently unclear what individual or group is behind CopyCat, but Check Point said there are indicators pointing toward the MobiSummer advertisement network in China, though there is a possibility that the system might have simply been exploited by hackers.
Marketing-based malware seems to be arecurring issue with Android, especially considering that the Judy malvertising campaign earlier this year ultimately infected up to 36 million devices.
CopyCat & the Chinese Advertising Network
Despite many efforts, nobody has been able to establish who is behind the malware campaigns.
But so far we know the following facts:
The CopyCat malware and MobiSummer app both operate on the same server.
The malware and MobiSummer share the same remote services.
MobiSummer features several lines of code that can be found in the malware.
The CopyCat malware did not target any of its Chinese users despite mostly operating in Asia.
While these connections typically may exist, they do not serve as concluding evidence that MobiSummer is in fact behind the creation of the malware.
Google’s spokesperson, Aaron Stein, shed some crucial information on how this phishing tool functions and what the company is doing to protect Android users from getting infected.
He said the company has been keeping a watchful eye on a variant of the CopyCat malware for a few years.
Stein included that Google Play Protect, a security function that identifies and removes malicious apps from smartphones, would now protect devices from these infections even if they are running on older Android versions.
CopyCat is a version of a more comprehensive malware family Google has been watching since 2015.
Whenever a new version shows up, Stein said the company upgrades its discovery systems to safeguard users.
Play Protect keeps them from being vulnerable to the malware grouping, as well as any apps that could have been infiltrated by CopyCat that are no longer available on Google Play Store.
CopyCat Part of a Larger Trend
Deceitful marketing has actually come to be a lucrative method for criminals to conduct their own sort of businesses online.
In 2016, Check Point discovered several advertising fraud scams like “HummingBad,” which infected 300,000 devices in the U.S. and 100,000 in the U.K., as well as an additional scam nicknamed “Gooligan,” which took control of over a million Google accounts.
Various other rip-offs consist of “Methbot,” which swiped approximately $5 million per day, and “YiSpecter,” which targeted Apple operating systems.
It remains to be seen how the great minds of the tech industry and its users combat these increasingly devastating phishing attacks.