A new research report about last year’s malware attacks was revealed recently showing that over 14 million devices were affected and eight million of them were rooted by a malware named ‘CopyCat‘. The malware was spread taking a cover of some popular apps which were repackaged. While repackaging, the code of these apps is changed with a malicious one and the scammers distribute it through third-party stores. Those who stuck to the Google Play Store were safe from these phishing scams.

%name CopyCat malware affected millions of Android devices last year causing forced roots and using devices for other personal uses

Hackers Had A Pretty Good Time

With news breaking about this scam by Check Point researchers, it was brought to our attention that hackers earned around $1.5 million in two months. This revenue was generated because of the 14 million devices affected by the attack and even the researchers call it an “unprecedented success rate” for hackers.

How Does It Work?

%name CopyCat malware affected millions of Android devices last year causing forced roots and using devices for other personal uses

CopyCat virus has a unique way of attacking devices. The virus enters the prey device through a third party app and waits until the phone is restarted. Once restarted, it tries to root the device. The virus successfully infected around 54 percent of the devices by using six different vulnerabilities for Android versions 5 and earlier. If your device is patched time to time, you don’t need to worry about this vulnerability. The report says:

These old exploits are still effective because users patch their devices infrequently, or not at all.

From Where Does The Revenue Come From?

This huge amount of revenue comes from a fraudulent way devised by the hackers. The malware after entering the device spreads the malicious code into the Zygote app. After the virus is injected successfully, apps are installed which substitute the user’s referrer ID with their own and then display fraudulent ads to catch up the dollars.

April proved to be a growing month for Android Nougat - Studies show that the market share has grown up to 5%

The Virus is Much More Dangerous Than You Think

The technique is not actually used for the first time rather Triada Trojan used it for the first time which were used to gain privileges including:

  • 26 percent of infected devices displayed with fraudulent ads
  • 30 percent devices used to steal credit for installing apps on Google Play Store