There’s a new strain of Android malware making the rounds right now. It is known as CopyCat, and so far the malware has infected over 14 million devices worldwide. According to researchers at Checkpoint, the malware basically roots devices and hijacks apps to make millions in fraudulent revenue. The majority of the devices affected by the CopyCat malware are in Asia right now, but this does not mean that devices in other places are safe.
Right now, there are at least 280,000 Android devices affected by CopyCat in the US. Google has been tracking the malware for the last two years, and the company has updated PlayProtect to block CopyCat. However, millions of devices are still getting affected through third-party app downloads and phishing attacks.
Here’s how the malware works. CopyCat pretends to a popular app. Once it is downloaded by an unsuspecting user, the app collects data about the infected device and downloads rootkits to help root the phone, essentially cutting off its security system. after that, CopyCat downloads fake apps, and also takes control of the device’s Zygote, which is the launcher for every app on your phone. Once the malware has control of the Zygote, it knows every app you download, as well as every app you open. Now, the malware is able to replace the Referral ID on your apps with its own, which redirects ad revenue to the hackers instead of to your app’s creators. So far, CopyCat has helped hackers make over $1.5 million, according to Check Point.
Another curious thing about this malware is that it checks to see if the infected device is located in China. So far, Chinese victims have been spared from the attacks. This could mean that the perpetrators of the cyberattack are located in China and are trying to avoid police investigation. The attack hit its highest number of victims between April and May of last year, but it still affects Android users today, especially those that use Android 5.0 and earlier Android versions. Also, users who download apps from third-party sites are at risk.