Join NairaWay / Login / Trending / Recent / New
Stats: 248 members, 2,887 topics. Date: September 21, 2018, 4:51 am
NAIRAWAY Forum / Webmasters / Malware operation ‘CopyCat’ infected 14m Android devices (1 Post | 187 Views)
Malware operation ‘CopyCat’ infected 14m Android devices by nairaway(m) : 5:01 pm On Jul 07, 2017
A malicious software campaign, dubbed “CopyCat,” infected millions of devices running Google’s mobile Android operating system and raked in more than a million dollars through fraudulent advertising and app installations, researchers at the Israeli cybersecurity firm Check Point Software Technologies said Thursday.
The malware operation, which peaked during April and May 2016, spread to as many as 14 million phones and tablets and garnered as much as $1.5 million in the space of those two months, the researchers said. The epidemic, which Google all but quashed a year ago, appeared to have spread through third party app stores and phishing attacks, rather than through the official Google Play app.
Daniel Padon, a mobile security researcher at Check Point, told Fortune that his team reported the operation to Google in March soon after discovering it. By then Google already had taken care of much of the problem .
Google estimates that fewer than 50,000 devices are still affected. The search giant has since adapted its protections to block the malware from gaining a foothold on Android devices, even ones running older software versions, the company told Fortune.
During the time that CopyCat was in full force however, the malware gained “root” control over 8 million devices, and used that power to serve more than 100 million bogus ads and install 4.9 million apps on phones and tablets, generating substantial revenues for the cybercriminals. The malware achieved this by using a handful of exploits to take advantage of security holes in Android versions 5 and earlier, and then by hijacking a part of the Android systems called “Zygote,” a software function that manages app launches.
“This is the first adware discovered using this technique,” said Check Point researchers, while noting that the tactic first had been introduced by the money-stealing malware Triada.
CopyCat primarily affected devices in Southeast Asia—particularly in India, Pakistan and Bangladesh—although 280,000 people in the United States were also affected at its height. The researchers noted that the malware purposefully avoided targeting users based in China; they theorized that the perpetrators might be based there, and were seeking to avoid provoking investigation by local police.
Check Point researchers, in fact, traced the CopyCat campaign back to a 3-year-old ad-tech startup based in Guangzhou, China called MobiSummer. The malware operators and the startup shared infrastructure, remote services, and code signatures, the researchers said, although they were uncertain whether the company was a witting or unwitting agent.
“[W]hile these connections exist, it does not necessarily mean the malware was created by the company, and it is possible the perpetrators behind it used MobiSummer’s code and infrastructure without the firm’s knowledge,” the researchers said.
MobiSummer did not immediately respond to Fortune’s request for information.
Aaron Stein, a Google spokesperson, said that the company has been keeping tabs on a variation of the CopyCat malware for a couple of years. He added that Google Play Protect, a security feature formalized by the company in May which scans and removes malicious apps from phones, would now inoculate phones against these infections even if they were running older versions of Android.
“CopyCat is a variant of a broader malware family that we’ve been tracking since 2015. Each time a new variant appears, we update our detection systems to protect our users,” Stein said. “Play Protect secures users from the family, and any apps that may have been infected with CopyCat were not distributed via Play. As always, we appreciate researchers’ efforts to help keep users safe.”
Fraudulent advertising has become a lucrative way for crooks to make money online. Last year Check Point uncovered several ad fraud scams including “HummingBad,” which earned its perpetrators $300,000 a month, and another nicknamed “Gooligan,” which stole authentication tokens for more than 1 million Google accounts. Other recent scams include “Methbot,” which stole up to $5 million a day, and “YiSpecter,” which targeted Apple’s iOS operating system.
HOW TO EARN $1 EVERY 2 MINUTES OR $55 DAILY ONLINE
CLICK HERE TO GET FREE TUTORIALS ON MAKING FREE CALLS, WATCHING DSTV FREE ETC
HOW TO MAKE N100,000 T0 N500,000 MONTHLY
LEARN HOW TO MAKE N250,000 MONTHLY ONLINE IN NIGERIA
How to Make Huge money From Expired Domain name click http://cashnaira.com
CLICK HERE TO DRIVE UP TO 20,000 REAL NIGERIAN TRAFFIC DAILY TO YOUR SITE
A NEW INTERNET COMMUNITY IS LAUNCHED! CHECK IN AND ENJOY FREE LESSONS
FREE GUIDE! BROWSE FREE, MAKE FREE CALLS, MAKE MONEY ONLINE ETC
CLICK HERE TO EARN $45 – $100 DAILY ONLINE WITH YOUR FACEBOOK ACCOUNT
BOOST YOUR WEBSITE TRAFFIC WITH 10 MILLIONS ACTIVE NIGERIAN EMAIL ADDRESSES / Mark Zuckerberg meets founder of Nigerian all-female Facebook group / 10 MILLIONS ACTIVE NIGERIAN EMAIL ADDRESSES DATABASE LIST /
Viewing this topic: 1 guest viewing this topic
|NAIRAWAY - Copyright © 2016 Oluwasegun Adebayo. All rights reserved. Follow NairaWay on Facebook|
Disclaimer: Every NAIRAWAY member is solely responsible for anything that he/she posts or uploads on NAIRAWAY.