A massive new malware threat, known as CopyCat infected 14 million devices, rooting some 8 million of them in the process. In two short months, CopyCat has earned $1.5 million for the attackers behind it.
CopyCat targets Android devices and it makes money by stealing advertising revenues. The malware has infected devices around the world, but it has seen the biggest impact in Southeast Asia.
CopyCat, a “fully developed malware” that able to gain root access. The malware injects code into Zygote, the app launching daemon tool in Android, in order to gain control over the victim’s device.
Once it controls Zygote, CopyCat make its money by fraudulently installing apps with its own ID. Then it displays fraudulent ads that are difficult to track down by the user.
Around 3.8 million infected devices used to serve fraudulent ads, and 4.9 million fraudulent apps installed on them. CopyCat steals credit for the installed apps on 4.4 million of the infected devices.
The hackers behind the campaign earn roughly $1.5 million in two months, infecting 14 million devices globally and rooting 8 million of them in what the security team calls an unprecedented success rate.
Check Point first came across CopyCat when it attacks a client of Check Point, prompting the company investigate the malware. After receiving certain information from the server’s behind CopyCat, the Check Point team reverse-engineered it.
Third-party app stores and certain phishing scams were the primary culprits behind CopyCat, as it didn’t seem to have infiltrated the Google Play store.
The number of devices that currently host the malware is much lower than at the campaign’s peak in spring 2016. However, devices infected by CopyCat may still affected by the malware even today.
Ultimately, more than half of the infected devices were rooted, due to old security patches. Android users should stay up-to-date on updating their OS, and rely on proper security hygiene practices to stay protected.