Friday, 7 July 2017

CopyCat Android Malware Infected 14m Mobile Devices, Rooted 8m Last Year

CopyCat Android Malware Infected 14m Mobile Devices
File Photo
CopyCat Android Mobile devices malware infected to over 14M devices last year and root 8 million of them, the researchers should reveal.

This malware, circulated through popular mobile apps repackaged with malicious programming code and shared through 3rd-party market stores and phishing scams -- but not Google Play -- infects devices to cause and remove advertising income.

According to 'Check Point' researchers, hackers backward the campaign were worthy of earning roughly 1.5 million Dollars in 2 months, infecting the 14 million of devices globally and the rooting Eight Million(8M) of them in what the security team calls an "an unprecedented success rate."

CopyCat Android Malware Infected 14m Mobile Devices, Rooted 8m Last Year
Check Point

Once a mobile device infected with malware, 'CopyCat' waits until the restart to alleviate suspicion then tries to root the mobile device. The 'Check Point' declares that 'CopyCat' was ready to successfully root 54% (54 percent) of all the mobile devices infected, "which is very unusual even with complicated malware."

In order to perform root situation, the malicious programming code uses 6 different vulnerabilities to Android OS versions 5 and initiated by an "upgrade" package removed from the Amazon's web storage. Fascinating of the defects the malware analyses for are much old and the important modern ones were found over 2 years ago -- also so should your mobile device be patched and up to date, 'CopyCat' should not be a concern.

"These used exploits are still powerful because mobile users patch to their devices intermittently," the researchers write.

The malware later injects malicious programming code in the Zygote Android app launching process, whichever permits attackers to create fraudulent income by installing Android apps and replacing the mobile user's referrer ID by their own, as well as show fraudulent popup ads and apps.

The Triada Trojan first used this technique. According to the Kaspersky Labs(Anti-Virus), the malware spotted the same method to gain superuser rights before using normal Linux debugging tools to embedded its DLL and target to mobile browsers.

In result, fraudulent mobile ads did display on 26% of infected mobile devices, while 30% were used to remove credit for installing apps on Google Play. Also, 'Check Point' says the malware would also send the device brand name, model, OS version, and country to CopyCat command and control (C&C) centers.

At the peak of the campaign in April and May 2016, CopyCat essentially infected users in Asia, although over 280,000 infections were also recorded in the United States.

Android Malware Infected 14m Mobile Devices
Check Point

Google was able to quell the campaign, and now the current number of infected devices is far lower -- but those affected by the malware may still be generating revenue for the attackers today.

The researchers are not sure who is behind the malware campaign but has tentatively linked MobiSummer as the Chinese ad network signs some of the malware's code.

Beginning this week, a UK youngster was priced for providing malware for performance in (DDoS) distributed denial of service attacks and assisting criminals in impressive high-profile targets worldwide, including NatWest, Vodafone, O2, BBC, BT, Amazon, Netflix, and Virgin Media, among others.

No comments:

Post a Comment