
CopyCat Android Rooting Malware Infected 14 Million Devices

A newly uncovered malware strain has already infected more than 14 Million Android devices around the world, earning its operators close to $1.5 Million in fake advertising revenues in just two months.

Dubbed CopyCat, the malware has capabilities to root infected devices, establish persistency, and inject malicious code into Zygote – a daemon responsible for launching apps on Android, providing the hackers full access to the devices.

Over 14 Million Devices Infected; 8 Million of them Rooted


According to the security researchers at Check Point who discovered this malware strain, CopyCat malware has infected 14 million devices, rooted nearly 8 million of them, had 3.8 million devices serve ads, and 4.4 million of them were used to steal credit for installing apps on Google Play.

While the majority of victims hit by the CopyCat malware reside in South and Southeast Asia, with India being the most affected country, more than 280,000 Android devices in the United States were also infected.

While there's no evidence that the CopyCat malware has been distributed on Google Play, the Check Point researchers believe that millions of victims got infected through third-party app downloads and phishing attacks.

Like Gooligan, CopyCat malware also uses "state-of-the-art technology" to carry out various forms of advertising fraud.

CopyCat uses several exploits, including CVE-2013-6282 (VROOT), CVE-2015-3636 (PingPongRoot), and CVE-2014-3153 (Towelroot) to hit devices running Android 5.0 and earlier, which are all widely used and very old, with the most recent uncovered 2 years ago.

The success of the campaign clearly indicates that millions of Android users still rely on old, unpatched, unsupported devices.

Here's How CopyCat Infects Android Devices


CopyCat disguises itself as a popular Android app that users download from third-party stores. Once downloaded, the malware starts collecting information about the infected device and downloads rootkits to help root the victim's smartphone.

After rooting the Android device, the CopyCat malware removes security defenses from the device and injects code into the Zygote app launching process to fraudulently install apps, display ads, and generate revenue.

"CopyCat abuses the Zygote process to display fraudulent ads while hiding their origin, making it hard for users to understand what's causing the ads to pop-up on their screens," Check Point researchers say.

"CopyCat also installs fraudulent apps directly to the device, using a separate module. These activities generate large amounts of profits for the creators of CopyCat, given a large number of devices infected by the malware."

In just two months, the CopyCat malware helped the hackers make more than $1.5 Million in revenue. The majority of profit (over $735,000) came from nearly 4.9 million fake installations on infected devices, which display up to 100 million ads.

The majority of victims are located in India, Pakistan, Bangladesh, Indonesia, and Myanmar, though over 381,000 devices in Canada and more than 280,000 devices in the U.S. are infected with CopyCat.

CopyCat Malware Spreads Using Chinese Advertising Network


While there's no direct evidence on who is behind the CopyCat malware campaign, researchers at Check Point found the below-mentioned connections, which suggest the hackers might have used the Chinese advertising network 'MobiSummer' for the distribution of the malware.
  • CopyCat malware and MobiSummer operate on the same server
  • Several lines of CopyCat's code are signed by MobiSummer
  • CopyCat and MobiSummer use the same remote services
  • CopyCat did not target Chinese users despite over half of the victims residing in Asia

"It is important to note that while these connections exist, it does not necessarily mean the malware was created by the company, and it is possible the perpetrators behind it used MobiSummer’s code and infrastructure without the firm’s knowledge," Check Point researchers say.

Android users on older devices are still vulnerable to the CopyCat attack, but only if they are downloading apps from third-party app stores.

In March 2017, Check Point researchers informed Google about the CopyCat campaign, and the tech giant has already updated Play Protect to block the malware.

So, Android users even on older devices are protected through Play Protect, which is updated regularly as malware strains such as CopyCat continue to grow.
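
The exposure conditions named above (Android 5.0 or earlier, installs from third-party sources, Play Protect) can be triaged across a device fleet from collected `adb` output. The sketch below is an added example, not code from Check Point or the original article; it assumes the settings keys `install_non_market_apps` and `package_verifier_enable` stand in for "unknown sources" and app verification, and the `getprop` dump is constructed.

```python
import re

MAX_AFFECTED_SDK = 21  # API 21 = Android 5.0, the newest release the article lists
PROP = re.compile(r"^\[([^\]]+)\]:\s*\[([^\]]*)\]$")

# Constructed sample of `adb shell getprop` output for an old handset.
SAMPLE_OLD = """\
[ro.build.version.release]: [4.4.2]
[ro.build.version.sdk]: [19]
[ro.product.model]: [SAMPLE-A]
"""

def parse_getprop(dump):
    """Turn '[key]: [value]' lines into a dict, skipping anything malformed."""
    props = {}
    for line in dump.splitlines():
        m = PROP.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def assess(getprop_dump, settings):
    """Return (risk, reasons). `settings` holds values collected with
    `adb shell settings get`; the key names are assumptions of this example."""
    sdk = parse_getprop(getprop_dump).get("ro.build.version.sdk", "")
    if not sdk.isdigit():
        return "unknown", ["no ro.build.version.sdk in dump"]
    if int(sdk) > MAX_AFFECTED_SDK:
        # Newer than the releases the article says the bundled exploits hit.
        return "minimal", []
    reasons = ["API level %s is Android 5.0 or earlier" % sdk]
    if settings.get("install_non_market_apps") != "1":
        return "low", reasons
    reasons.append("installs from third-party sources are allowed")
    if settings.get("package_verifier_enable") == "0":
        reasons.append("app verification is switched off")
        return "high", reasons
    return "medium", reasons

if __name__ == "__main__":
    print(assess(SAMPLE_OLD, {"install_non_market_apps": "1",
                              "package_verifier_enable": "0"}))
```
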