Home / Definitions / CopyCat Malware

CopyCat Malware

Forrest Stroud
Last Updated May 24, 2021 7:39 am

CopyCat is a sophisticated form of mobile malware that has infected more than 14 million Android devices, according to some sources. The fully developed malware was discovered and named CopyCat by Check Point mobile threat researchers as a result of the malware taking credit (and generating revenue) for Android installations it didn’t create.

The CopyCat malware roots, or gains access to key subsystems of the Android mobile operating system, more than half of the mobile devices it infects, which helped enable the hackers that created the malware to generate more than $1.5 million in revenues from fake ads over the first two months of CopyCat’s release into the wild.

CopyCat Malware

Source: Check Point Software

How CopyCat Does Its Damage and Makes Money

In addition to being able to root Android devices, CopyCat can establish persistency, which means the malware can remain in the device essentially forever unless a patch is installed for the device. CopyCat is also able to inject code into Zygote, a daemon responsible for launching apps in the Android operating system, which enables CopyCat to control any activity on the Android device.

These capabilities have made it possible for CopyCat to generate revenue by fraudulently installing apps using a bogus referrer ID that awards credit for the install to the CopyCat hackers. CopyCat can additionally display fraudulent ads to users to generate additional revenue for the hackers.

How CopyCat Infects Android Devices

In terms of how it gets onto Android devices in the first place, the CopyCat malware can infect a device when a user downloads an infected app from a third-party app store (as opposed to the official Google Play store) or when the user clicks on a bogus phishing email.

Once infected, over 54% of the devices CopyCat infiltrates are successfully rooted by the mobile malware. CopyCat exploits numerous security vulnerabilities in older versions of the Android mobile operating system (Android 5 Lollipop and earlier) that haven t been updated with the most recent security patches.

As a result, newer Android devices running Android Marshmallow and later, as well as older devices updated with the latest security patches, are completely protected from CopyCat.