Security

CopyCat malware infects 14M devices, shows 'unprecedented success rate'

Check Point researchers have identified a new malware that they said infected some 14 million devices, rooting 8 million of them. The malware has generated $1.5 million for attackers.

A massive new malware threat, known as CopyCat has infected 14 million devices, rooting some 8 million of them in the process, according to a blog post from Check Point researchers. In two short months, CopyCat has earned $1.5 million for the attackers behind it.

CopyCat targets Android devices and it makes money by stealing advertising revenues, the post said. The malware has infected devices around the world, but it has seen the biggest impact in Southeast Asia.

Check Point called CopyCat a "fully developed malware" that is able to gain root access. The post noted that it then has the ability to inject code into Zygote, the app launching daemon in Android, in order to gain control over the victim's device.

SEE: The Four Volume Cyber Security Bundle (TechRepublic Academy)

Once it has control over Zygote, CopyCat makes its money by fraudulently installing apps with its own ID. It then can display fraudulent ads that are difficult to track down by the user, the post said.

Of the infected devices, 3.8 million were used to serve fraudulent ads, and 4.9 million had fraudulent apps installed on them, the post said. CopyCat was able to steal credit for the installed apps on 4.4 million of the infected devices.

It should be noted that Check Point itself provides IT security products. The firm first came across CopyCat when it had attacked a client of Check Point, prompting the company to investigate the malware. After receiving certain information from the server's behind CopyCat, the Check Point team reverse-engineered it.

Third-party app stores and certain phishing scams were the primary culprits behind CopyCat, as it didn't seem to have infiltrated the Google Play store. The researchers alerted Google to the campaign, and Google said it was able to stop it.

The number of devices that currently host the malware is much lower than at the campaign's peak in spring 2016. However, "devices infected by CopyCat may still be affected by the malware even today," the post said.

Ultimately, more than half of the infected devices were rooted, due to old security patches the post said. Android users should stay up-to-date on updating their OS, and rely on proper security hygiene practices to stay protected.

The 3 big takeaways for TechRepublic readers

  1. The new CopyCat malware infected 14 million devices, rooting some 8 million of them in the process, and earning $1.5 million for attackers.
  2. After rooting the device, CopyCat took over the Zygote daemon to install apps and serve fraudulent ads to make money.
  3. CopyCat had a high success rate with rooting devices because of old vulnerabilities. Android users should update their OS and stay current with all patches.

Also see

mobilemalware.jpg
Image: iStockphoto/Ali Kerem Yücel

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox