SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
10 Jul 2017

CopyCat malware infected 14 million outdated Android devices

This CopyCat's got claws. A new strain of malware called CopyCat has infected more than 14 million Android devices around the world, rooting phones and hijacking apps to make millions in fraudulent ad revenue, researchers at Check Point said Thursday.

While the majority of victims are in Asia, more than 280,000 Android devices in the US were hit by the massive hack. Google had been tracking the malware for the last two years and has updated Play Protect to block CopyCat, but millions of victims are getting hit through third-party app downloads and phishing attacks.

There was no evidence that CopyCat was distributed on Google Play, according to Check Point. "Play Protect secures users from the family, and any apps that may have been infected with CopyCat were not distributed via Play," Google said in a statement. Keeping true to its name, CopyCat poses as a popular app that people download from third-party stores, like SimSimi, which had more than 50 million downloads on the Google Play store. Once downloaded, it collects data about the infected device and downloads rootkits to help root the phone, essentially cutting off its security system.

From there, CopyCat can download fake apps, as well as hijack your device's Zygote -- the launcher for every app on your phone. Once it has control of the Zygote, it knows every new app that you've downloaded, as well as every app that you open.

CopyCat is able to replace the Referrer ID on your apps with its own, so every ad that pops up on the app will send revenue to the hackers instead of the app's creators. Every now and then, CopyCat will also throw in its own ads for an extra buck. There have been nearly 4.9 million fake apps installed on infected devices, displaying up to 100 million ads. In just two months, CopyCat helped hackers make more than $1.5 million, Check Point estimated.

The malware also checks to see if the infected device is in China. Victims in China are spared from the cyberattack, and Check Point's researchers believe it's because the cybercriminals are Chinese and are trying to avoid any police investigations.

While there hasn't been any direct evidence on who is behind the attack, there have been several connections between CopyCat and the Chinese ad network MobiSummer. The malware and the ad company operate on the same server, and several lines in the virus's code are signed by MobiSummer. The two also use the same remote services.

The majority of victims were in India, Pakistan, Bangladesh, Indonesia and Myanmar. More than 381,000 devices in Canada were infected with CopyCat. The mobile malware spread through five exploits that hit devices running Android 5.0 and earlier, all of which had been discovered and patched more than two years ago. Android users on older devices are still vulnerable to the attack if they're downloading apps off third-party markets.

"These old exploits are still effective because users patch their devices infrequently, or not at all," Check Point said. Google said even older devices are protected from CopyCat by Play Protect, which is updated regularly as malware strains like CopyCat continue to grow. The attack hit its highest number of victims between April and May of 2016 and has slowed down since Google blacklisted it on Play Protect, but Check Point believes infected devices could still be suffering from the malware.



Tags: Android, information leaks, CopyCat, fraud
Source: CNet