According to CNET, researchers from Check Point have found that more than fourteen million Android devices around the world have been infected by a new strain of malware called CopyCat. It roots into phones, hijacks apps, and is generating millions of dollars in fraudulent ad revenue. Most of CopyCat’s victims are in Asia, but more than 280,000 of the infected phones are in the United States.
Google, who had been tracking the malware for a couple years now, updated Play Protect to block CopyCat. CheckPoint claims there is no evidence of CopyCat being distributed through Google Play – instead users are getting hit through third-party app downloads and phishing attacks.
“Play Protect secures users from the family, and any apps that may have been infected with CopyCat were not distributed via Play,” Google said in a statement.
The way CopyCat works is by pretending to be a popular app on third-party stores.
“Once downloaded, [the CopyCat app] collects data about the infected device and downloads rootkits to help root the phone, essentially cutting off its security system.” CNET explained. “From there, CopyCat can download fake apps, as well as hijack your device’s Zygote — the launcher for every app on your phone.”
CheckPoint estimates that nearly 4.9 million fakes apps have been installed on the infected devices, displaying around 100 million ads. The hackers responsible have generated an estimated $1.5 million in two months.