Researchers from cybersecurity firm Check Point detected Copycat – a mobile malware that uses a new method to generate and steal ad revenues. It infected 14 million Android devices. It also earned for the hackers approximately $1.5 million in fake ad revenues in just a matter of two months. CopyCat infected users that are mostly in Southeast Asia, but it also spread to almost 300,000 Android users in the United States.
How it Works
CopyCat is a malware with capabilities such as rooting devices, establishing persistence mechanisms, and injecting code into its background processor which is responsible for launching apps in the Android operating system. Once the malware is able to do that, the hackers behind it can control any activity on the infected device.
Check Point researchers believe that Copycat spread via popular apps that were repackaged with the malware and downloaded from unofficial app stores. It was also discovered to contaminate from phishing scams.
The Continued Rise of Mobile Malware
The news about this latest detection comes as attackers continue to target mobile users, specifically those who use Android devices. Malware such as FalseGuide, MilkyDoor, and BankBot notably did the most damage.
The FalseGuide malware was discovered hiding in more than 40 guide apps for games, and the total number of infected devices was estimated to reach up to 600,000 devices. Depending on the attackers’ objectives, these modules can contain highly malicious code intended to root the device, conduct a DDoS attack, or even penetrate private networks.
Meanwhile, MilkyDoor is a type of malware that poses greater risks to businesses. It has an ability to enter internal networks that infected mobile devices connect to. Around 200 unique Android apps with installs ranging between 500,000 and a million on Google Play have been found embedded with MilkyDoor.
Bankbot, a Trojan discovered in video app Funny Videos 2017 which origin traced back to a leaked malicious source code in an underground hacking forum, poses as a legitimate service that aims to steal online banking and other credentials by popping up fake login windows over legitimate banking and other apps.