An Android malware infected and proliferated so effectively that when its attacks were the maximum during April-May 2016, it contaminated 14m devices as well as rooted 8m of them.
According to security researchers, the malware sample called 'CopyCat' aided in earning $1.5m to its creators, chiefly via ad fraud in April-May 2016.
Security Investigators from the Mobile Research Team of Check Point, after detecting the malware during March 2017, assert that CopyCat primarily contaminated Android owners within the countries of Southeast Asia; however, Android owners numbering 280,000-and-more in USA too were contaminated. As per research, Asia was attributed with 55% of CopyCat contaminations, while Africa with 18% ranked No.2 on the list of countries with most contaminated Android gadgets.
CopyCat transmits monetary earnings to hackers, the income acquired from pop-up ads of applications rather than to app developers. In a computation by Check Point, a maximum of 4.9m fake applications got planted onto infected devices, generating a maximum of 100m advertisements. Within sixty days, CopyCat accounted an income of $1.5m-and-more that it transmitted to cyber-criminals.
Check Point associates the assault with MobiSummer, an app developer and tech startup in China. Now, it isn't clear whether the company had a direct involvement else had been victimized itself. Wvtm13.com posted this, July 6, 2017.
Check Point further states that CopyCat understandably proliferated via phishing scams as well as repackaged widely-used applications with malicious software when end-users took them down from intermediate application repositories. Once CopyCat contaminates an Android gadget, the malware roots the gadget for acquiring complete hold over it. It subsequently, thrusts Zygote an app that aids the process of launching using code for starting loading of illegitimate applications onto the gadget.
For gaining insights, Check Point's researchers retrieved data via accessing CopyCat's command-and-control servers. Reportedly, malevolent advertisements got exhibited on 3.8 million contaminated devices, whilst 4.4 million contaminated devices got utilized for "stealing credit" in connection with Google's Play Store referrals.
After its peak in 2016, CopyCat attacks slowed pace when Google blacklisted the malicious program on Play Project; however, according to Check Point, contaminated gadgets are likely yet under the program's impact.