CopyCat malware infects Android devices around the world

• CopyCat primarily infected users in Southeast Asia followed by Africa and Americas
• Infected devices may have their private data stolen and left vulnerable for future attacks

IT security experts Check Point’s researchers have identified a mobile malware that has infected over 14 million Android devices between April and May 2016 and have earned the hackers behind the campaign approximately US$1.5 mil in fake ad revenues during the period.

The malware, dubbed CopyCat by Check Point mobile threat researchers, uses a novel technique to generate and steal ad revenues. Though the malware has affected users mainly in the Southeast Asia region, it has also spread to more than 280,000 Android users in the United States.

According to Check Point Software head of mobility for AMA (Africa, Middle East, Asia) Michael Petit (above), the malware actually focuses on skimming profit from the ad industry, indicating how lucrative it is for cyber criminals to engage in adware campaigns.

“They are able to steal sensitive information from victims, which can later be sold to third parties; leaving devices defenceless or use infected devices to conduct Denial of Service attacks,” he said.

For this reasons, adware like CopyCat is a major risk to both private and enterprise users. Attackers need nothing more than a compromised mobile device connected to a corporate network to breach its network and gain access to sensitive data while leaving the devices vulnerable.

CopyCat is a fully developed malware with vast capabilities that including rooting devices, allowing it to control any activity on the device including launching apps in the Android operating system.

Researchers believe the malware had spread through downloads from third party app stores as well as having been distributed via other apps and through phishing scams. There has been no evidence that the malware was distributed via Google Play, Google’s official app store.

According to Check Point Software HQ’s blog, the company had informed Google in March 2017 about the CopyCat campaign and how the malware operated. Google since said that they were able to quell the campaign and reduce the number of infected devices.

However, Check Point says that devices infected by CopyCat may still be affected by the malware even today.

Check Point advises users and enterprises to treat their mobile devices like any other part of their network and protect them with the best cyber security solutions available such as the company’s SandBlast Mobile and Anti-Bot blade.

Related Stories:

Malaysians’ concern about cyber security issues escalates: Unisys Security Index

Malaysia Crime Prevention Foundation joins efforts to increase cyber security awareness

Nigerian-phishing scammers steal more than just money