CopyCat Malware Infected Over 14 Million Android Devices: Report by Check Point

Cyber threats have grown steadily over time across a multitude of platforms, including Android, Linux, and Windows, to name a few. Researchers have now found that the CopyCat Android malware affected over 14 million devices the previous year, succeeding in rooting at least 8 million of them. The malware reached devices through malicious apps available in illegitimate app markets rather than Google Play, and earned as much as $1.5 million in fake ad revenue in months, the researchers stated.

A study conducted by Check Point researchers has revealed that the CopyCat malware could get into Android devices by exploiting six different vulnerabilities in them, and used a novel technique to generate and steal ad revenue. It infected more than 280,000 Android users in the United States, while its major target was Southeast Asian countries. The CopyCat malware was spread as part of a campaign; it infected devices and subsequently rooted them, gaining full control of the smartphone.

The researchers define CopyCat as "a fully developed malware with vast capabilities, including rooting devices, establishing persistence, and injecting code into the Zygote", which is a primary Android app-launching process. After a device is infected, CopyCat lies dormant until the device reboots and then tries to root it. To root the device, the malware uses six vulnerabilities in Android 5.0 Lollipop and earlier versions, by way of an upgrade retrieved from Amazon Web Services storage. Although the flaws the researchers found are effective against earlier Android versions, they could still be present on devices that have not been patched or updated in the last two years.

As noted above, after exploiting these Android vulnerabilities, CopyCat injects malicious code into the Zygote app-launching process and then generates illicit revenue by installing apps and replacing the user's referrer ID with that of the attackers. It additionally displays fraudulent ads and apps. A similar technique was used earlier by the Triada Trojan, which targeted devices to gain superuser privileges before using regular Linux debugging tools to embed its DLL and infect mobile browsers.
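A defender-side triage check for the Zygote injection described above, as an added example that is not from Check Point's report or this article: it parses a `/proc/<pid>/maps` dump taken from the zygote process and flags executable mappings that are not backed by a file on a trusted partition. The trusted path list, the function name and the sample dump are assumptions constructed for illustration; this page gives no CopyCat file names.

```python
import re

# Assumption: on a stock build, executable file-backed mappings in zygote
# come only from these locations. Tune the list for the build under review.
TRUSTED_PREFIXES = ("/system/", "/vendor/", "/apex/", "/data/dalvik-cache/")

# One /proc/<pid>/maps row: range, perms, offset, dev, inode, optional path.
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"[0-9a-f]+\s+[0-9a-f]+:[0-9a-f]+\s+\d+\s*(?P<path>.*)$"
)

# Constructed sample dump (not taken from a real infected device).
SAMPLE_MAPS = """\
70a4f000-72b31000 r-xp 00000000 b3:1c 8199   /data/dalvik-cache/arm/system@framework@boot.oat
b6d2a000-b6d9c000 r-xp 00000000 b3:19 1093   /system/lib/libandroid_runtime.so
b6d9c000-b6da0000 rw-p 00072000 b3:19 1093   /system/lib/libandroid_runtime.so
b6e10000-b6e14000 r-xp 00000000 b3:1c 40211  /data/local/tmp/libexample.so
b6e20000-b6e22000 r-xp 00000000 b3:1c 40377  /data/data/com.example.app/files/payload.so (deleted)
b6e30000-b6e31000 rwxp 00000000 00:00 0
b6f00000-b6f01000 r-xp 00000000 00:00 0      [vectors]
"""

def suspicious_mappings(maps_text):
    """Return (address range, path, reason) for each executable mapping
    that is not backed by a file under a trusted prefix."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m or "x" not in m["perms"]:
            continue                      # malformed row or non-executable
        path = m["path"].strip()
        rng = f"{m['start']}-{m['end']}"
        if not path:
            findings.append((rng, "", "anonymous executable memory"))
        elif path.startswith("["):        # kernel pseudo-mappings: [vdso], [vectors]
            continue
        elif path.endswith(" (deleted)"):
            findings.append((rng, path, "backing file deleted after load"))
        elif not path.startswith(TRUSTED_PREFIXES):
            findings.append((rng, path, "library outside trusted partitions"))
    return findings

if __name__ == "__main__":
    for rng, path, reason in suspicious_mappings(SAMPLE_MAPS):
        print(f"{rng}  {reason}: {path or '<no file>'}")
```

Because every app process is forked from zygote, a finding here should be treated as affecting all apps on the device. Builds with a JIT compiler map their own executable cache regions, which need to be added to the allowlist before the output is useful.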

