Security services firm CheckPoint releases new information about CopyPat malware

08 Jul 2017

Security services firm, CheckPoint has released new information about CopyCat, a malware that has been incorporated in a number of applications installed outside of the Google Play Store.

The CopyCat malware is capable of "rooting" the device, installing fraudulent applications, serving fraudulent advertisements, and stealing app installation credits by exploiting certain security loopholes in the Android operating system, which should allow the malware to root the infected devices.

"Rooting" refers to the process of allowing users of smartphones, tablets and other devices running the Android mobile operating system to gain privileged control over various Android subsystems.

According to commentators, the rooting of infected devices is a major concern in itself as it renders the user vulnerable to a wide range of security concerns and exploits.

Following the rooting of the device, the malware then sought to modify the code of the Android OS's app launching system.

The modification of the app launching system also allowed the malware developers to monitor user activity. With this information the users could earn ad revenue either by showing fraudulent advertisements on non-infected apps or by stealing app installation credit from other developers.

According to experts, as developers might remotely change the attack objectives of a certain malware, it might also be used to infiltrate a corporate network or retrieve sensitive information stored within a device.

The malware had infected over 14 million Android devices around the world, rooted phones and hijacked apps to make millions in fraudulent ad revenue, researchers at Check Point said Thursday.

Though the majority of victims were in Asia, over 280,000 Android devices in the US were hit by the massive hack. Google had tracked the malware for the last two years and updated Play Protect to block CopyCat. However, millions of victims were getting hit through third-party app downloads and phishing attacks.