CopyCat Malware Infects Over 14M Android Devices

Friday July 07, 2017

While over half of the CopyCat malware infections on Android are located in Asia, there are over 250K infections verified in the USA. This Android malware's primary function is one you might not notice easily either. It makes its money by hijacking advertisement identifiers. Basically, when you see an ad on your phone, company X gets paid. You still see the same advertisement, but this malware tells the ad seller that company Y gets credit for it instead of company X. While it does not seem that the code is being used for a more nefarious purpose at this time, it surely could be used for purposes much worse. This malware is capable of rooting your Android phone.

The malware uses two tactics to steal ad revenue: displaying fraudulent ads and stealing referrer IDs of apps installed from Google Play.

Now how do you go about getting this malware on your device? You download and install 3rd party apps NOT from the Google Play store. If you have not done that, then there is likely no reason for concern. So don't do that! And you know you should not anyway.

There's no evidence that CopyCat was distributed on Google Play, Google’s official app store.

And it seems as if this has already been handled by Google as well, although not a lot of information is given on this. If anyone can find a reliable way to verify if you have this on your device, please pass that along, as I cannot find any reliable information on how you might go about that.

Check Point researchers identified a mobile malware that infected 14 million Android devices, rooting approximately 8 million of them, and earning the hackers behind the campaign approximately $1.5 million in fake ad revenues in two months.