14 million Android devices infected with CopyCat malware – here’s what you need to know


More than 14 million Android devices have been infected with a dangerous new strain of malware.

The malware, dubbed CopyCat, has raked in more than a million dollars in fraudulent advertising revenue, security firm CheckPoint revealed this week.

The epidemic was spread through third-party app stores and phishing attacks, with the majority of infected devices located in Southeast Asia, CheckPoint said.

According to researchers, the region accounted for 55 percent of all CopyCat infections, with Africa, at 18 percent, accounting for the second-highest number of infected devices.

CopyCat was able to infect so many devices because most users were unaware the malware had found its way onto their devices.

The malware works by lingering until the smartphone is restarted. It then gains root access to the device, which makes it difficult to remove, researchers said.


“If successful, CopyCat installs another component to the device’s system directory, an activity which requires root permissions, and establishes persistency, making it difficult to remove,” CheckPoint wrote in a blog post.

The malware then injects code into Zygote, the Android process that launches apps, which lets it install unauthorised apps onto the device.

“The really interesting technology it uses to steal revenue is taking credit for advertising ads that led to installations of apps. It simply switches the real referrer’s ID with its own once it detects an installation process,” CheckPoint explained.

CheckPoint estimated that CopyCat had generated around $1.5 million in revenue, which indicates just how much money can be earned from malware campaigns.

CopyCat mainly targeted users running older versions of Android who downloaded apps from unofficial app stores.

Users are advised to always run the most up-to-date version of Android possible on their devices and to download apps only from the Google Play Store.

