“Security firm Check Point today disclosed a newly discovered attack against Android devices it calls “CopyCat” that has already claimed at least 14 million victims. The Android CopyCat malware generates revenue for attackers through several mechanisms, including ad fraud and affiliate app installations.
“We called it [CopyCat] because it takes credit for installations it didn’t initiate, which is the big technological innovation it presents,” Daniel Padon, mobile threat researcher at Check Point, told eWEEK.
CopyCat has a similar type of ad fraud component as the Gooligan malware that Check Point reported in November 2016. As with Gooligan, the malware infects Android devices and then attempts to download other programs to generate affiliate commissions.
The CopyCat malware is able to inject code into Android’s Zygote application launcher to both download new applications and display fraudulent online advertisements to victims. The unauthorized application installation and fraud ads have generated approximately $1.5 million in revenue over a two-month period for CopyCat attackers, according to Check Point’s estimates.”