The Android malware known as CopyCat spread to more than 14 million devices and rooted 8 million devices last year.
The malware spread through popular apps that had been repackaged to include it. These apps were acquired through third-party app stores and phishing scams, and there is no evidence that apps on the Google Play Store were infected with CopyCat. The majority of infected devices were located in Asia, but nearly 300,000 cases were reported in the United States.
CopyCat Malware
According to Check Point, CopyCat is a specific type of malware known as adware, which generates money through fraudulent ads. Once CopyCat is installed on a device, it roots the infected smartphone, giving its code full access to the device.
Once the device has been rooted, CopyCat infects Zygote, the Android app launch process. This allows the CopyCat creators to receive payments for fraudulently installing apps by replacing the referrer's ID with their own. CopyCat also uses the infected Zygote process to display ads while hiding the origin of these ads, which makes it very difficult for infected users to determine where the ads are coming from.
Given the scope of the CopyCat infection, these tactics have generated quite a bit of money for the malware's creators. In fact, Check Point estimates that the CopyCat malware earned its creators approximately $1.5 million over the course of two months.
Fraudulent ads were displayed on 26 percent of infected devices, and 30 percent were used to steal credit for installing apps on Google Play. The malware would also send the device's information to CopyCat's creators.
Threats To Business Enterprises
While adware such as CopyCat is mainly focused on consumers, it still poses a threat to business enterprises. Perhaps the biggest threat is that of an infected device connecting to a business's secured network. This would theoretically allow CopyCat's creators to gain access to the business's data and information. Many users forget that an unsecured smartphone is just as big a security risk as an unsecured laptop.
Who Created CopyCat?
A lot of adware was actually invented by people working in the ad industry, but we do not know who is behind the creation of CopyCat. The code bears some similarities to code used by the Chinese ad network MobiSummer, but that does not mean that MobiSummer is behind CopyCat. It is possible that the similarities are merely a coincidence or that someone used MobiSummer's code without its permission or knowledge.