A newly discovered powerful and fast spreading Android malware dubbed CopyCat has already infected more than 14 million android phones and raked more than $1.5 million in fake ad revenues in two months.
In capsule:
- Check Point researchers has found new powerful and fast spreading Android malware dubbed CopyCat.
- It affected more than 14 million devices and raked more than $1.5 million revenue through fake ads & illegal apps.
- The malware was spread through phishing and third party apps.
- Update your device and follow standard security practices to avoid infection.
A newly discovered powerful and fast spreading Android malware dubbed CopyCat has already infected more than 14 million android phones and raked more than $1.5 million in fake ad revenues in two months.The malware infected mostly users from Southeast Asia, but also over 280,000 users in the US. According to the reports, about 3.8 Million devices served fake ads, 4.9 million illegal apps were installed and 4.4 million devices stole credit for installing the application.Researchers at Check Point software technologies first came across the malware when it attacked devices at a customer’s business protected by Check Point SandBlast Mobile.Check Point’s team were able to get an idea of the working of CopyCat malware by retrieving the information from malware’s command and control servers.Copycat malware is a fully developed malware with vast capabilities which includes elevating privileges to root, establishing persistence and injecting codes to Zygote.A zygote is a daemon which is used for launching apps in Android.The malware has a modular structure, each module has different roles. This helps developers to choose and change their strategy and behavior of the malware according to target and device.Even though researchers informed Google and stopped the malware attack, it's better to check whether your has been infected or not and update your device w because 50% of the device was rooted due to outdated security patches. 
CopyCat Android scam flowchart
Here the CopyCat first roots the device and gain full control of the device, then by launching malicious code in zygote app launching process allows the hacker to get revenue by getting credit for illegally installing apps by substituting real ID with his/her own ID. By using control over the device CopyCat also installs fraudulent apps and fake ads.
Disclaimer:
Secure Reading has no confirmed sources for the information shared in the above news/articles. It relies on various unconfirmed inputs, social media claims, and websites for its content, and cannot guarantee the accuracy, timeliness, and genuineness of the same. If there is any error in the news, and once it is brought up to our attention with relevant evidence, Secure Reading is willing to make necessary corrections as applicable.
