Trustaira Blog
July 13, 2017        Trustaira Staff

Check Point recently revealed a new piece of malware that has attacked more than 15 million Android devices around the world, rooting phones and hijacking apps to make millions in fraudulent ad revenue. The name of this catastrophic cyber threat for Android is 'CopyCat'.

CopyCat: Cyber Threat for Android

How Your Phone Gets Affected?

CopyCat disguises itself on third-party app stores as a popular application that people download heavily from the Google Play Store. Once it is downloaded, it collects information from the compromised device and downloads rootkits to root the phone, which cuts off the phone's security system. After rooting the phone, the malware injects code into the Zygote daemon, which is responsible for launching apps in the Android operating system. Once Zygote is compromised, the malware knows about every new app that is downloaded, as well as every app that is opened or closed.

How CopyCat Earns Millions

CopyCat can replace the Referrer ID on apps with its own, so every ad that pops up in the app sends its earnings to the hackers instead of the original app's developer. Every now and then, CopyCat also throws in its own ads for extra money.

Risky Regions:

More than 280,000 Android devices in the US were affected by the massive hack. Google had been tracking the malware for the last two years and has updated Play Protect to block CopyCat, but millions of victims are getting affected through third-party app downloads and phishing attacks. The majority of victims were in India, Pakistan, Bangladesh, Indonesia and Myanmar.

This cyber threat for Android attacks devices that run Android 5.0 Lollipop or earlier versions and were patched more than two years ago. Users of old Android devices are still vulnerable to infection by this malware if they download apps from third-party app stores.
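A triage check for the two exposure conditions named above (Android 5.0 or earlier, apps installed from outside Google Play), added here as an example and not taken from Check Point or Google. It parses the output of `adb shell getprop ro.build.version.sdk`, `adb shell pm list packages -i` and `adb shell pm list packages -s`; the sample output and package names below are constructed.

```python
import re

# Android 5.0 Lollipop is API level 21; the article names 5.0 and earlier.
LOLLIPOP_5_0_SDK = 21
# Installer package name recorded for apps installed through Google Play.
PLAY_STORE_INSTALLERS = {"com.android.vending"}
# One line of `pm list packages -i`: "package:<name>  installer=<name|null>"
PKG_LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_installers(pm_output):
    """Map package name -> installer (None when the device reports 'null')."""
    installers = {}
    for line in pm_output.splitlines():
        match = PKG_LINE.match(line.strip())
        if match:
            inst = match.group("installer")
            installers[match.group("pkg")] = None if inst == "null" else inst
    return installers


def triage(sdk_text, pm_all, pm_system):
    """Return (os_in_affected_range, sorted user apps not installed by Play)."""
    sdk = int(sdk_text.strip())
    # Preinstalled system packages also report no installer, so exclude them.
    system = {line.strip()[len("package:"):] for line in pm_system.splitlines()
              if line.strip().startswith("package:")}
    suspects = sorted(pkg for pkg, inst in parse_installers(pm_all).items()
                      if pkg not in system and inst not in PLAY_STORE_INSTALLERS)
    return sdk <= LOLLIPOP_5_0_SDK, suspects


# Constructed sample output, standing in for the three adb commands.
SAMPLE_SDK = "21\n"
SAMPLE_PM_SYSTEM = "package:com.android.settings\n"
SAMPLE_PM_ALL = """\
package:com.android.settings  installer=null
package:com.example.game  installer=com.android.vending
package:com.example.sideloaded  installer=null
package:com.example.fromstore  installer=com.example.thirdparty.market
"""

if __name__ == "__main__":
    old_os, non_play = triage(SAMPLE_SDK, SAMPLE_PM_ALL, SAMPLE_PM_SYSTEM)
    print("Android 5.0 or earlier:", old_os)
    print("User apps not installed via Google Play:", non_play)
```

The result measures exposure to the conditions described in this post, not infection: a device that is both in the affected OS range and carries non-Play apps is the one to prioritise for review.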

According to Check Point, “These old exploits are still effective because users patch their devices infrequently, or not at all.”

According to Google, “Even older devices are covered from CopyCat by using Play Protect, which is updated regularly as malware strains like CopyCat continue to grow.”

This massive attack happened between April and May of 2016 and it has been slowed down by Google blacklisting it on Play Protect, but Check Point believes infected devices could still be suffering from the malware.

Tips: Do not download apps from third-party or unauthorized app stores if your devices are not fully patched or protected.

Stay Updated. Stay Safe.