A new form of malware has hit Android devices across Asia and North America. The malware has been named CopyCat and is a particularly dangerous malicious program which can root the affected handset and give hackers remote control over that device. Security company Check Point claims that the malware is quite widespread and has already hit 14 million devices across the globe.
What CopyCat is and what it does
CopyCat is a strain of malware that has been designed to mainly infect Android devices with older operating systems.
These systems are easier to infect due to the lack of proper security patches and updates. Google has banned the CopyCat program from its official Play Protect program, but it seems that downloads from third-party app stores are responsible for most of the infections. In the United States, around 280,000 Android devices have been infected by the CopyCat malware, while in Canada that number is even higher at around 381,000 Android handsets.
The CopyCat program infects an app in the third-party app store. When a user downloads and installs that app from the store, the malware infects their smartphone. It then collects the data from the device and also downloads other malware programs discreetly.
All of these programs together can root the handset, meaning that the hackers gain root privileges on it. This lets them bypass any security measures which have been put in place and slowly take over the handset itself.
After this whole process is complete, the CopyCat program will start monitoring the apps which are being downloaded and installed on the handset.
It will then replace the ads on those apps with its own ads. Displaying these ads is a way of earning money in the real world. In fact, according to Check Point, the creators of the malware have already earned at least $1.5 million with 100 million ads across 4.9 million fake apps that users have downloaded.
Where CopyCat originates from and precautions against it
Investigators believe that the malware originates from China since there are no reported cases of the malware infection in the country. It is believed that the creators have refrained from using the malware in China itself because they do not want to risk a local investigation. Some connection to Chinese ad network MobiSummer was also discovered through the malware.
The best way to stay protected is to avoid installing apps from third-party stores and, instead, go for the programs which are present in Google's Play Store itself. Another important aspect to remember in the fight against this malware is to ensure that the handset is up to date with all new security patches and operating system updates.
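The two precautions above can be checked on a handset over adb. The following is an added example, not code from the article or from Check Point: it audits app provenance and patch age only and does not detect CopyCat itself. The sample inputs are constructed, and the 90-day staleness threshold is an assumption.

```python
import re
from datetime import date

# Installer package name recorded for apps installed via Google's Play Store.
PLAY_STORE = "com.android.vending"

# Constructed sample of `adb shell pm list packages -i -3` output
# (-3 = third-party apps only, -i = show installer). Not real device data.
SAMPLE_PACKAGES = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null
package:org.example.game  installer=com.example.thirdpartystore
"""
# Constructed sample of `adb shell getprop ro.build.version.security_patch`.
SAMPLE_PATCH_LEVEL = "2016-03-01\n"

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def non_play_packages(pm_output):
    """Return (package, installer) pairs that the Play Store did not install."""
    flagged = []
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(2) != PLAY_STORE:
            flagged.append((m.group(1), m.group(2)))
    return flagged


def patch_age_days(patch_level, today):
    """Days between the reported security patch level (YYYY-MM-DD) and today."""
    return (today - date.fromisoformat(patch_level.strip())).days


def audit(pm_output, patch_level, today, max_age_days=90):
    """Summarise both precautions; max_age_days is an assumed threshold."""
    age = patch_age_days(patch_level, today)
    return {
        "sideloaded": non_play_packages(pm_output),
        "patch_age_days": age,
        "patch_stale": age > max_age_days,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_PACKAGES, SAMPLE_PATCH_LEVEL, date(2017, 7, 10))
    for pkg, installer in report["sideloaded"]:
        print(f"not from Play Store: {pkg} (installer={installer})")
    print(f"patch level is {report['patch_age_days']} days old, stale={report['patch_stale']}")
```

An installer of `null` usually means the app was sideloaded from an APK file or installed over adb, so each flagged package should be reviewed rather than treated as malicious.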