According to the latest stats, a whopping 99.6% of new mobile phones run on the Android platform powered by Google. With the positive advancements come negatives as well, malware being one of them. Just recently, malicious software named ‘CopyCat’ infected millions of devices running the Android operating system and collected more than a million dollars through fraudulent advertising and app installations. The news was first reported by an Israeli cyber security agency, Check Point Software Technologies, on Thursday, July 6th, 2017.
The malware operation, which peaked during April and May of 2016, spread to as many as 14 million handheld devices and reaped as much as $1.5 million in the space of those two months alone, said the researchers. The malware appears to have spread through third-party app stores and phishing attacks rather than through the official Google Play store.
Daniel Padon is a mobile security researcher at the firm that disclosed the news of CopyCat. He told Fortune that his team reported the malware operation to Google in March, as soon as it was discovered, but by that time Google had already taken care of much of the problem. According to estimates provided by Google itself, fewer than 50,000 devices are affected by the malware to date. The search giant has since adopted protections to block the malware from gaining a foothold on Android devices, even those running older versions of the operating system.
While CopyCat was in full force, the malware gained control over 8 million devices and used that control to serve about 100 million bogus ads and install 4.9 million apps on other phones and tablets, generating substantial revenues for the criminal masterminds. CopyCat achieved this by exploiting security loopholes in Android Version 5 and earlier and then hijacking a part of the Android system called “Zygote”, a software function that manages the launch of mobile apps on the device.
“This is the first of its kind adware that is discovered using this technique,” said the researchers at Check Point. Another adware program that used a similar tactic to steal money, known as Triada, was discovered earlier by Kaspersky Lab, a Russian antivirus firm.
As for CopyCat, it primarily affected devices in Southeast Asia, particularly in India, Bangladesh, and Pakistan, although approximately 280,000 people in the USA were also affected by the malware. The researchers also found that the malware purposefully avoided targeting users based in China. This could be a clue that the perpetrators are based in that region and were trying to avoid investigation by local security agencies.
Check Point researchers have even traced the CopyCat campaign back to a three-year-old startup based in Guangzhou, China, called MobiSummer. The malware operators and this startup shared infrastructure, remote services, and code signatures. The researchers did not say clearly whether or not MobiSummer was a witting agent.
“While these connections exist, it does not necessarily mean the malware was created by the company, and it is possible the perpetrators behind it used MobiSummer’s code and infrastructure without the firm’s knowledge,” the researchers said. MobiSummer, however, did not immediately respond to Fortune’s request for information.
Aaron Stein, a Google spokesperson, said that the company has been keeping tabs on a variation of the CopyCat malware for a couple of years now. He added that Google Play Protect, a security feature formalized by the company in May that scans for and removes malicious apps from the phone, would now immunize phones against these infections even when they are running older versions of the Android operating system.
“CopyCat is a variant of a broader malware family that we’ve been tracking since 2015. Each time a new variant appears, we update our detection systems to protect our users,” Stein said. “Play Protect secures users from the family, and any apps that may have been infected with CopyCat were not distributed via Play. As always, we appreciate researchers’ efforts to help keep users safe.”
Fraudulent advertising and online scams have become a lucrative way for scammers to make easy money online. Last year alone, Check Point reported having uncovered several other ad frauds, including “HummingBad”, which earned its creators a whopping $300,000/month. Another from the same category, named “Gooligan”, stole authentication tokens from more than 1 million Google accounts. Two more recent scams include “Methbot” and “YiSpecter”, which stole up to $5 million/day. These two targeted Apple, to be precise.
This news is part of Branex’s mission to inform its clientele about malware and the damage it does in the online world. We urge everyone to keep their antivirus software updated, and to install one on your handheld devices if you haven’t already.