Security firm Check Point has disclosed the discovery of “CopyCat”, malware targeting Android devices that has already hit at least 14 million victims.
CopyCat generates revenue for the attackers through several mechanisms, including ad fraud and affiliate app installations.
Its ad fraud component is similar to that of the Gooligan malware, which Check Point also unveiled, in November 2016.
According to Daniel Padon, the mobile threat researcher at Check Point, “We called it [CopyCat] because it takes credit for installations it didn’t initiate, which is the big technological innovation it presents”.
How does CopyCat work?
The CopyCat malware injects code into Android’s Zygote application launcher in order to download new applications and to display fraudulent online advertisements to victims. These unauthorized application installations and fraudulent ads produced revenue totaling $1.5 million over a span of two months for the CopyCat attackers, according to Check Point’s estimates.
Check Point’s investigation also estimated that CopyCat was active between April and May 2016 and that, of the 14 million Android devices it attacked, almost 8 million, i.e. 54%, were rooted by the malware, giving the attackers full access to the infected devices. In addition, Check Point estimated that CopyCat fraudulently installed 4.9 million apps on infected devices.
Padon also gave a number of reasons why not all of the 14 million Android devices were rooted. First, fully patched devices are more difficult to root, though that does not mean unpatched Android devices are easy to root.
Padon also noted that the majority of rooting attempts are actually unsuccessful, but CopyCat achieved a notably high success rate.
Almost 55%, i.e. over half, of the CopyCat infections occurred in Asia, while in the USA the security firm estimates that CopyCat infected approximately 280,000 Android users.
Lastly, Padon said that Check Point had informed Google about the CopyCat malware before publishing its research. Check Point’s analysis found no evidence that the malware was distributed via the Google Play Android app store.
He said, “We usually inform Google as soon as we catch an active malware, so it can take action against it and protect users as soon as possible”.