CopyCat Malware

CopyCat is a sophisticated form of mobile malware that has infected more than 14 million Android devices, according to some sources. The fully developed malware was discovered and named CopyCat by Check Point mobile threat researchers as a result of the malware taking credit (and generating revenue) for Android installations it didn’t create.

The CopyCat malware roots, or gains access to key subsystems of the Android mobile operating system, more than half of the mobile devices it infects, which helped enable the hackers that created the malware to generate more than $1.5 million in revenues from fake ads over the first two months of CopyCat’s release into the wild.

CopyCat Malware

Source: Check Point Software

How CopyCat Does Its Damage and Makes Money

In addition to being able to root Android devices, CopyCat can establish persistency, which means the malware can remain in the device essentially forever unless a patch is installed for the device. CopyCat is also able to inject code into Zygote, a daemon responsible for launching apps in the Android operating system, which enables CopyCat to control any activity on the Android device.

These capabilities have made it possible for CopyCat to generate revenue by fraudulently installing apps using a bogus referrer ID that awards credit for the install to the CopyCat hackers. CopyCat can additionally display fraudulent ads to users to generate additional revenue for the hackers.

How CopyCat Infects Android Devices

In terms of how it gets onto Android devices in the first place, the CopyCat malware can infect a device when a user downloads an infected app from a third-party app store (as opposed to the official Google Play store) or when the user clicks on a bogus phishing email.

Once infected, over 54% of the devices CopyCat infiltrates are successfully rooted by the mobile malware. CopyCat exploits numerous security vulnerabilities in older versions of the Android mobile operating system (Android 5 Lollipop and earlier) that haven t been updated with the most recent security patches.

As a result, newer Android devices running Android Marshmallow and later, as well as older devices updated with the latest security patches, are completely protected from CopyCat.

Forrest Stroud
Forrest Stroud
Forrest is a writer for Webopedia. Experienced, entrepreneurial, and well-rounded, he has 15+ years covering technology, business software, website design, programming, and more.

Related Articles

@ Sign

Pronounced at sign or simply as at, this symbol is used in e-mail addressing to separate the user' name from the user's domain name,...

Munging

(MUHN-jing) Munging (address munging), is the act of altering an email address posted on a Web page to make it unreadable to bots and...

How to Create an RSS Feed

In the second installment of RSS how-to, we look at some of the nonrequired (optional) channel and item tags, discuss RSS specifications in-depth and...

Dictionary Attack

(n.) (1) A method used to break security systems, specifically password-based security systems, in which the attacker systematically tests all possible passwords beginning with...

ScalaHosting

ScalaHosting is a leading managed hosting provider that offers secure, scalable, and affordable...

HRIS

Human resources information system (HRIS) solutions help businesses manage multiple facets of their...

Best Managed Service Providers...

In today's business world, managed services are more critical than ever. They can...