
CopyCat malware infected 14 million outdated Android devices


Batu69


The virus made millions by infecting millions of phones with fake apps to churn out fraudulent ad revenue.

This CopyCat's got claws.

 

A new strain of a malware called CopyCat has infected more than 14 million Android devices around the world, rooting phones and hijacking apps to make millions in fraudulent ad revenue, researchers at Check Point said Thursday.

 

While the majority of victims are in Asia, more than 280,000 Android devices in the US were hit by the massive hack. Google had been tracking the malware for the last two years and has updated Play Protect to block CopyCat, but millions of victims are getting hit through third-party app downloads and phishing attacks.

There was no evidence that CopyCat was distributed on Google Play, according to Check Point.

 

"Play Protect secures users from the family, and any apps that may have been infected with CopyCat were not distributed via Play," Google said in a statement.

Keeping true to its name, CopyCat pretends to be a popular app that people on third-party stores, like SimSimi, which had more than 50 million downloads on the Google Play store. Once downloaded, it collects data about the infected device and downloads rootkits to help root the phone, essentially cutting off its security system.

 

From there, CopyCat can download fake apps, as well as hijack your device's Zygote -- the launcher for every app on your phone. Once it has control of the Zygote, it knows every new app that you've downloaded, as well as every app that you open.

 

CopyCat is able to replace the Referrer ID on your apps with its own, so every ad that pops up on the app will send revenue to the hackers instead of the app's creators. Every now and then, CopyCat will also throw in its own ads for an extra buck.

 

There have been nearly 4.9 million fake apps installed on infected devices, displaying up to 100 million ads. In just two months, CopyCat helped hackers make more than $1.5 million, Check Point estimated.

The malware also checks to see if the infected device is in China. Victims in China are spared from the cyberattack, and Check Point's researchers believe it's because the cybercriminals are Chinese and are trying to avoid any police investigations.

 

While there hasn't been any direct evidence on who is behind the attack, there have been several connections between CopyCat and the Chinese ad network MobiSummer. The malware and the ad company operate on the same server, and several lines in the virus's code are signed by MobiSummer. The two also use the same remote services.

The majority of victims were in India, Pakistan, Bangladesh, Indonesia and Myanmar. More than 381,000 devices in Canada were infected with CopyCat.

The mobile malware spread through five exploits that hit devices running Android 5.0 and earlier and had been discovered and patched more than two years ago. Android users on older devices are still vulnerable to the attack, if they're downloading apps off third-party markets.

 

"These old exploits are still effective because users patch their devices infrequently, or not at all," Check Point said.

Google said even older devices are covered from CopyCat by using Play Protect, which is updated regularly as malware strains like CopyCat continue to grow.

 

The attack hit its highest number of victims between April and May of 2016 and has slowed down since Google blacklisted it on Play Protect, but Check Point believes infected devices could still be suffering from the malware.

 

Article source

straycat19

If you take a serious look at the phones that are infected in the US you will find most of them belong to kids or are their parents' phones that they unwisely let their kids use to install and play games. Most mature adults will only install those programs that have been approved by their IT department and that they need for their business activities, which vastly reduces their chance of getting a malware program. To kids, phones are game machines, and to rogue developers, kids' games can be a great source of income from ads and other undesirable actions.



1 hour ago, straycat19 said:

To kids, phones are game machines, and to rogue developers, kids' games can be a great source of income from ads and other undesirable actions.

It's not always kids either; grown ups like to play games online as well, especially a lot of females. And even if it is a kid that did it, it's still the parents' fault for being a noob and not putting protection against such threats on these devices. Kids are led by example; they don't have money to buy phones. If the parents are stupid enough to let kids infect their devices, chances are they're stupid enough to infect themselves. Stupid is as stupid does. Millions of grown up people getting infected by ransomware that could have been prevented by not clicking on attachments in emails shows the world is full of stupid people, and don't try to blame it off on innocent kids because most of the world is ignorant.

When you talk about kids in such a way you're talking about the parents themselves. Me not being a stupid person had to warn grownups about what spyware and malware was, as they didn't even know, because I had to remove spyware from their system where grownups, not kids, did it their own self! There are many teens that are computer geniuses... I meet crackers online who could reverse about anything who were nothing but kids, and I know grown ups who have been on the internet since the 90s and they still don't know nothing and mess their devices up all the time.



Most people here have or will have rooted or looked at gaining root access to their phone, and that obviously means turning to a grey area in which you have to give a degree of trust and apply due diligence.
The very truth is that Android is as horrible as the same company's Chrome extension library and anyone can turn rogue at any given time. I think it's incredibly foolish of Google to deny any involvement. Apps may also come with loopholes and vulnerabilities which may be exploited by visiting bad websites or even shifty Facebook ads.
Android being Android, you are essentially at the mercy of Google to resolve your problems. You don't have any sort of control; it is designed to be a money-making machine, which is why companies like Microsoft are salivating out of the mouth to replicate this walled garden in which they control whether you like it or not, and if that means telemetry, spyware, foistware, ads, data mining... whatever, then so be it, as long as they get their cut of the pie and they have all the control, which means control of the revenue and you.

Essentially they have themselves to blame (to a degree) for allowing this grey market to flourish because this grey market is where more freedom and control is given and people can use the phone exactly the way they want without being bombarded by rubbish.


This is not an age issue, although let's be honest here, young kids do stupid things but so do adults (we all know that family member that always wants to make us their tech for stupid things), and why is that? Because they are ignorant and are not as savvy, so in saying that you both have a point.



Archived

This topic is now archived and is closed to further replies.
