UPDATED 21:31 EDT / JULY 06 2017

Ad revenue-stealing ‘CopyCat’ malware discovered on 14M+ Android devices

A recently discovered form of malware has infected more than 14 million Android devices worldwide and is believed to have earned the hackers behind the campaign about $1.5 million in fake-ad revenues over the last two months.

Researchers at Check Point Software Technologies Ltd., which dubbed the malware “CopyCat,” said it has spread through phishing scams and through bundling with popular apps offered for download on third-party app stores. Once installed on an Android device, CopyCat roots the device, allowing it to bypass operating system controls. It then injects code into Zygote, the Android process dedicated to launching apps, which allows unauthorized apps to be installed on the device.

“CopyCat abuses the Zygote process to display fraudulent ads while hiding their origin, making it difficult for users to understand what’s causing the ads to pop-up on their screens,” the Check Point Mobile Research Team said in a blog post. “CopyCat also installs fraudulent apps directly to the device, using a separate module. These activities generate large amounts of profits for the creators of CopyCat, given the large number of devices infected by the malware.”

The good news is that Check Point believes CopyCat infections already peaked in April and May 2016 and that, while infections are still ongoing, they are far fewer than at the peak. The company informed Google Inc. of its findings in March 2017, and Google claimed it was “able to quell the campaign,” although how it did so is not clear.

Google has released a number of Android device updates since that time, including a new release this week. But many in the security community consider the Android security update process completely broken because of its reliance on smartphone makers and telcos to push the updates out. That means few Android users have likely received a patch that protects against CopyCat yet.

The advice, as always, is to practice safe Internet by installing antivirus software on Android devices and not installing apps from third-party app stores.
