Cybersecurity firm Check Point has detected CopyCat adware on 14 million Android devices. CopyCat primarily targeted Asian users, especially in the south-east of the continent; however, other countries were also affected. These include the United States, where over 280,000 infections are believed to have taken place. Furthermore, the malware infected users with older Android versions, generally Android 5.0 or earlier.
Check Point describes CopyCat as a "fully developed malware with vast capabilities, including elevating privileges to root, establishing persistency, and to top it all - injecting code into Zygote."
"Zygote is a daemon whose goal is to launch apps on Android, and injecting code into it allows the malware to intervene in any activity on the device," the security company's research paper explains.
Rather than infecting users through the Google Play store, CopyCat entered a user's system through phishing attacks and third-party stores. It collected information on the user and installed additional malware which allowed a device to be rooted. Check Point estimates that with a combination of at least 100 million adverts and 4.9 million fake app installs, the perpetrators earned over $1.5 million in just two months.
Recommendation: Users are advised to only download applications and games from trusted sources – for example, the Google Play Store. This greatly reduces the risk of encountering malware. Users should also ensure that the latest operating system updates are installed, to reduce the number of exploitable vulnerabilities available to cybercriminals.

Last modified on Monday, 17 July 2017