Check Point researchers have identified a mobile malware family named CopyCat that has infected more than 14 million Android devices worldwide. The infected devices are used to perform ad fraud, which has helped the attackers make more than $1.5 million in the past 60 days. Once installed, the malware tries to root the device, allowing the attackers to gain full control of it.
CopyCat is able to replace the referrer ID with its own. (The referrer ID is used to track ad installs on networks such as Google Ads or Bing Ads.) This means any ad revenue generated is sent to the attackers instead of the intended recipient. The malware uses five different exploits, including CVE-2013-6282, CVE-2015-3636 and CVE-2014-3153, to infect devices running Android 5.0 and earlier.
Some 280,000 of the infected devices are in the US and 381,000 in Canada; the rest belong to users in India, Indonesia, Myanmar and Pakistan. If the victim is in China, the app does not perform any activity. Check Point researchers therefore believe the cybercriminals are Chinese and are trying to avoid possible legal trouble at home, although there is no direct evidence of who is behind the attack.
In addition, the researchers found evidence of several connections between CopyCat and the Chinese ad network MobiSummer: the malware and the ad company's software originate from the same server, and the malware was signed by MobiSummer.
Google has been tracking this malware and has put measures in place to block CopyCat with Play Protect. However, not all Android devices are updated, and some cannot be updated at all; many users fall victim through phishing or by installing third-party apps after rooting, with the same result. There is no evidence that this malware has been distributed through the Google Play store.
A new variant of the Marcher Android malware is disguising itself as an update for Adobe Flash Player to steal users' financial credentials such as online banking and credit card details, according to Zscaler ThreatLabZ. Previously known for baiting users with pornographic websites and popular games to deliver its payload, Marcher now resorts to […]
Trend Micro researchers have discovered an Android Trojan ad library named Xavier that steals users' information without their knowledge. More than 800 Android apps that embed the ad library appear to be infected with the malware. Xavier has a self-protection mechanism that allows it to evade both static and dynamic analysis, making it harder to detect. […]
An employee of one of Check Point's customers downloaded a malicious app called "EnergyRescue" from the Google Play store that contained zero-day mobile ransomware (doxware). The ransomware, dubbed "Charger", appears to have been downloaded by millions of Android users. The infected app gets access to contacts and SMS messages on the user's device and requests admin permissions, which appears to be […]
New variant of HummingBad malware found inside more than 20 apps on Google Play infects millions
Researchers from Check Point have discovered a new Android malware variant dubbed HummingWhale; HummingBad was found inside more than 20 Google Play apps. One of the infected apps on Google Play appears to have been downloaded more than a million […]
The first Android banking malware of 2017 (Android.BankBot.149.origin) is already out, and its source code has been posted on the web. The malware can steal users' banking information and send it to command-and-control (CnC) servers. The public availability of the source code also means more variants of this malware will be seen in the wild very […]
Researchers from Check Point have identified a malware campaign dubbed Gooligan that has infected more than 1.3 million Android users globally. The Android-targeted campaign infects devices and steals authentication tokens, which are then used to access data from Google apps such as Google Play, Gmail, Google Photos, Google Docs, Google Drive and many others. The malware […]
Clash of Kings is one of the most popular mobile games, with more than 100 million downloads, but a recent hack has exposed the information of 1.6 million of its players. The hacker exploited the forum's outdated vBulletin software; the vulnerability dates back to late 2013 and includes easily exploited security flaws. The exposed data includes usernames, […]
In September, researchers at FireEye Labs discovered a group of malicious adware created by NGE Mobi/Xinyinhe, a company based in China and Singapore. On October 7, FireEye detected a similar adware family capable of completely taking over Android-based devices. Researchers have named it Kemoge after its CnC domain aps.kemoge.net. It is believed that […]
One of the most damaging attacks that can be launched on a website is flooding it with more requests than it can handle, otherwise known as a DDoS attack. According to internet security researchers, this nightmare may have recently become a reality after one site was targeted in such a manner with the aim of overwhelming […]