Saturday, 29 July 2017

‘CopyCat’ Malware Infected 14 Million Google Android Devices

“CopyCat”, a malware campaign, affected millions of devices running Google's Android operating system. The campaign brought in more than a million dollars through fake advertising and fraudulent app installations, according to researchers at the Israeli cybersecurity firm Check Point Software Technologies.

The operation peaked during April and May 2016, infecting about 14 million devices and raking in about $1.5 million in just two months. The outbreak appears to have spread to devices through third-party app stores and phishing attacks rather than through the official Google Play store.

Daniel Padon, a mobile security researcher at Check Point, told Fortune that his team reported the operation to Google in March, almost immediately after discovering it. By that time Google had already contained much of the problem.

At the height of the infection, the malware gained “root” control of about 8 million devices and used that privilege to serve more than 100 million fake ads and install 4.9 million apps on the affected devices, generating considerable revenue for the cybercriminals. The malware achieved this with the help of a handful of exploits targeting security holes in Android versions 5 and earlier, and then by hijacking “Zygote”, the part of the Android system that handles app launches.

Check Point researchers stated that this is the first malware discovered to use this technique, while also noting that the tactic was first used by Triada, a money-stealing malware. The researchers traced the CopyCat operation back to MobiSummer, a three-year-old ad-tech start-up based in Guangzhou, China. According to the researchers, the malware operators and the start-up shared infrastructure, remote services and code signatures, although it was not clear whether the company was involved knowingly or unwittingly.

The CopyCat malware mainly affected devices in Southeast Asia, in countries such as India, Pakistan and Bangladesh, although about 280,000 people in the United States were also impacted at its peak. Researchers also observed that the adware deliberately avoided China-based users, which suggests that the operators were based there and sought to avoid attention from the local authorities.

Google spokesperson Aaron Stein stated that the company has been watching for variants of the CopyCat malware for the last few years. He added that Google Play Protect, a security feature the company announced in May that scans for and removes harmful apps from devices, now protects phones against these attacks even if they are running an earlier version of Android.

Stein also said that CopyCat is a modified version of a larger malware family that Google has been tracking since 2015. Every time a new variant appears, the company updates its detection systems to safeguard users. Play Protect defends users against this malware family, and no apps carrying the CopyCat malware were distributed via Play, Stein said. Fake advertising has become a profitable way for criminals to make money online; examples include the “Hummingbird” ad fraud scam, which earned fraudsters $300,000 per month, and most recently “Methbot”, which stole up to $5 million a day.
