A newly uncovered malware strain has already infected more than 14 million Android devices around the world. The operators have earned approximately $1.5 million in fake ad revenues in just two months.

Dubbed CopyCat, this malware can root infected devices, establish persistence, and inject malicious code into Zygote, the daemon responsible for launching apps on Android. That means the operators would have full access to the devices.

Over 14 Million Devices Infected and 8 Million of them Rooted

According to the security researchers who discovered this malware strain, CopyCat has infected 14 million devices and rooted nearly 8 million of them. Of those, 3.8 million devices were used to serve ads, and 4.4 million were used to steal credit for installing apps on Google Play.

Most CopyCat victims resided in South and Southeast Asia, with India being hit the hardest, but there were still more than 280,000 Android devices hit in the United States.

Researchers believe most of the victims got infected through third-party app downloads and phishing attacks.

The success of the campaign shows that millions of Android users rely on old, unpatched, unsupported devices.

How CopyCat Infects Android Devices

CopyCat disguises itself as a popular third-party Android app. Once downloaded, the malware begins to collect data about the device and downloads rootkits to help root the victim's phone.

After the rooting is completed, the CopyCat malware removes security defenses from the device and injects code into the Zygote app-launching process to fraudulently install apps, display ads, and generate revenue.

In just two months, CopyCat helped hackers make more than $1.5 million in revenue. The majority of the profit came from nearly 4.9 million fake installs on infected devices.

The majority of victims are located in India, Pakistan, Bangladesh, Indonesia, and Myanmar, though over 381,000 devices in Canada and more than 280,000 devices in the U.S. are infected with CopyCat.

These attacks are going to continue to happen. The best thing you can do is make sure you have the best security possible to keep your data safe. Re2 Tech is here to help. Give us a call today.