Declawing the CopyCat Malware: Why and How?
Just as the Petya ransomware scheme was discovered and we managed to tackle it, we now face a new challenge to mobile security: CopyCat malware.
How does it work?
CopyCat generates and steals ad revenues. It’s disguised as popular apps and it infects each device once downloaded by collecting data about the infected device and disabling its security system. This is, achieved by rooting the phone and taking control of its app launcher, known as Zygote.
As a result, it can divert ad revenues to hackers each time an ad pops up on the app, instead of reaching the developers of the genuine app. It does this by replacing the genuine app’s ID with its own referrer’s ID. It can also make its own ads pop up, while hiding their origin, so it becomes difficult for users to identify why they are being persistently interrupted by pop ups.
It’s known that CopyCat exploits vulnerabilities in Android versions 5 and earlier, so devices that are particularly prone to attack are those running older operating systems. Devices with fully updated systems are not susceptible. The problem occurs because many users don’t update their devices often enough.
It has been reported that CopyCat has infected more than 14 million Android devices worldwide, generating millions of dollars in fraudulent ad revenue. CopyCat has been particularly prevalent in Asia and Africa, although over 280,000 devices in the US have also fallen victim to it. It’s estimated that nearly 4.9 million fake apps have been installed on infected devices, displaying up to 100 million ads. Notably, reports say that Chinese users have remained unaffected, raising unconfirmed speculation that the source of the malware may be China.
Why should we care?
CopyCat is adware, in essence. The main victims of this malware are the companies who pay the CopyCat cybercriminals for advertisements instead of the real app developers.
From an end-user’s perspective, it has two chief implications. First, anything that can be installed by the malware onto a mobile device also has the potential to find and steal sensitive personal details, such as banking or credit card information. Second, it can seriously degrade the quality of experience that is so important for users. And as we all know, safeguarding and improving QoE are essential considerations for service providers in order to maintain and grow their business. Protecting it is essential.
CopyCat shows that cyber threats never stop. There are always new challenges, new methodologies, and new techniques. CopyCat’s modus operandi is different to Petya or WannaCry, so it demonstrates that security must work in many diverse ways and on many different fronts to protect networks and users. As such, and with all types of malware, beating it requires understanding it, and adopting a sophisticated approach to combatting it.
How to beat CopyCat?
The most straightforward tactic to beat this nasty malware is for users to patch their devices with the most recent updates. Unfortunately it takes time for updates to be developed and to proliferate, and it isn’t possible to guarantee that every individual user will adopt this behavior in a timely fashion.
Instead, service providers should offer a network-based security solution that protects their networks and customers against different kinds of malware. Additionally, they should offer customers a comprehensive unified security solution that provides security as a service at a network level and at the end-point.
Solutions such as these must be seamless to implement and easy to activate. They need to be nimble enough to defend networks and end-points against a wide range of different and constantly mutating threats. And they must do so without jeopardizing network and end-point performance.
To learn more about how to achieve this, contact us.