A new day, a new form of malware hitting Android

Jul 7, 2017 11:39 GMT

Android users have once again been exposed to malware, as security company Check Point detected a new form of CopyCat that hit no fewer than 14 million devices across the world.

Primarily aimed at Asian users, but also infecting devices in other markets like the United States and Canada, CopyCat is specifically going after outdated Android devices, as it exploits vulnerabilities in older versions of the operating system.

Google says it has already banned CopyCat in Play Protect, though it looks like the malware wasn’t downloaded from the Google Play Store anyway, but rather from infected apps published in third-party stores.

Approximately 280,000 Android devices in the United States and another 381,000 in Canada were infected, early statistics show.

CopyCat lands on Android phones as part of apps that are distributed in third-party stores. Once it compromises a device, it collects system information and downloads additional malware that can eventually help root the device. This means the cybercriminals get root privileges on the device, bypassing security systems and gaining full control over the system.

100 million ads, $1.5 million in revenue

CopyCat monitors the apps that are running and being installed on the infected device and replaces their ads with its own, while also showing its own banners every once in a while. This helps the malware writers generate money, and Check Point says they made approximately $1.5 million with no fewer than 100 million ads and 4.9 million fake apps that were installed on compromised devices.

There’s a good chance the malware comes from China, though this isn’t confirmed just yet. The security company found some connections with Chinese ad network MobiSummer, and it says that the attackers have even whitelisted Chinese users, meaning they haven’t been hit by the virus, most likely because the hackers wanted to avoid any investigation by the local police.

The malware is primarily aimed at devices running Android 5.0 and earlier, and Google warns that devices need to be fully up to date to make sure CopyCat doesn’t infect them. Furthermore, downloading Android apps only from trusted sources is a good way to remain secure.