UPDATED 21:31 EST / JULY 06 2017


Ad revenue-stealing ‘CopyCat’ malware discovered on 14M+ Android devices

A recently discovered form of malware has infected more than 14 million Android devices worldwide and is believed to have earned the hackers behind the campaign about $1.5 million in fake-ad revenues over the last two months.

Researchers at Check Point Software Technologies Ltd., which dubbed the malware “CopyCat,” said it has spread through phishing scams and through bundling with popular apps offered for download on third-party app stores. Once it is installed on a given Android device, CopyCat roots the device, allowing it to bypass operating-system controls. It then injects code into Zygote, the part of Android dedicated to launching apps, and that code allows unauthorized apps to be installed on the device.

“CopyCat abuses the Zygote process to display fraudulent ads while hiding their origin, making it difficult for users to understand what’s causing the ads to pop-up on their screens,” the Check Point Mobile Research Team said in a blog post. “CopyCat also installs fraudulent apps directly to the device, using a separate module. These activities generate large amounts of profits for the creators of CopyCat, given the large number of devices infected by the malware.”

The good news is that Check Point believes CopyCat infections already peaked in April and May 2016 and that, while infections are still ongoing, they are far fewer than at the peak. The company informed Google Inc. of its findings in March 2017, and Google claimed it was “able to quell the campaign,” although how it did so is not clear.

Google has released a number of Android device updates since that time, including a new release this week. But many in the security community consider the Android security update process completely broken because of its reliance on smartphone makers and telcos to push the updates out. That means few Android users have likely received a patch that protects against CopyCat yet.

The advice, as always, is to practice safe Internet by installing antivirus software on Android devices and not installing apps from third-party app stores.

