CopyCat Malware Infects 14 Million Android Devices

Android malware dubbed CopyCat has infected 14 million devices running Google’s mobile operating system, causing havoc by rooting around eight million of them.

According to cyber security company Check Point, which discovered and named the malware, the infections have provided hackers with around $1.5 million (£1.1m) in revenues generated and stolen from fake advertising campaigns served up by CopyCat.

The malware mostly infected devices in South East Asia, though Check Point said it managed to reach 280,000 Android users in the US.

CopyCat malware

“CopyCat is a fully developed malware with vast capabilities, including rooting devices, establishing persistency, and injecting code into Zygote – a daemon responsible for launching apps in the Android operating system – that allows the malware to control any activity on the device,” said the Check Point research team.

“Upon infection, CopyCat first roots the user’s device, allowing the attackers to gain full control of the device, and essentially leaving the user defenseless.

“CopyCat then injects code into the Zygote app launching process, allowing the attackers to receive revenues by getting credit for fraudulently installing apps by substituting the real referrer’s ID with their own.”

But CopyCat also has another trick up its sleeve, making it a particularly nasty Android infection.

“In addition, CopyCat abuses the Zygote process to display fraudulent ads while hiding their origin, making it difficult for users to understand what’s causing the ads to pop-up on their screens. CopyCat also installs fraudulent apps directly to the device, using a separate module,” Check Point explained.

The researchers alerted Google to the malware and noted the search giant was able to quell the campaign but not before it had spread a fair bit. However, Check Point said that there may still be devices infected with CopyCat today.

It is currently unclear who is behind CopyCat, but Check Point noted there are signs that it points towards the MobiSummer ad network located in China, though there is a chance that the network could simply have been exploited by hackers,

Advertising based malware appears to be a consistent problem with Android given that the recent Judy malvertising campaign managed to infect up to 36.5 million devices.

Are you a security pro? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago