Checkpoint researchers identified a mobile malware named Copycat found infected with more than 14 million Android devices worldwide. The infected devices are found to perform ad fraud and has helped hackers make more than $1.5 million in the past 60 days. Once the malware is infected, it tries to root the device allowing the bad guys to gain full control of the device.
CopyCat has the ability to replicate referrer id of its own. (Referrer id is used to track ads from google ads or bing ads). This means any ad revenue generated is sent to the hackers instead of the original intended recipient. The malware uses 5 different exploits which includes CVE-2013-6282, CVE-2015-3636 and CVE-2014-3153 infected devices running Android 5.0 and earlier.
280,000 of infected devices are from US, 381,000 devices are from Canada and the rest belong to the users from India, Indonesia, Myanmar & Pakistan. If the victim belongs to China, the app would not perform any activity. Hence Checkpoint researchers believe that the cybercriminals are Chinese and trying to avoid any possible legal troubles. Although there is no direct evidence of who is behind the attack.
Adding to that the researchers also have found evidence of several connections between CopyCat and the Chinese ad network MobiSummer. It also has been found that the malware and the ad company originate from the same server and the malware has been found to have been signed by MobiSummer, a Chinese ad company.
Google has been tracking this malware and has necessary measures to block CopyCat with Play Protect. However not all the Android devices are updated nor even possible to update and many fall victim due to phishing or by installing third party apps after rooting resulting in the same. However there is no evidence that this malware has been distributed by Google Play store.
A new variant of the Marcher Android malware is disguising as an update for Adobe Flash Player to steal users’ financial credentials such as online banking and credit card details, according to Zscaler Threatlabz. Previously known to baiting users by exploiting pornographic websites and popular games to deliver payload, the malicious Marcher now resorts to […] Continue reading →
One of Checkpoint’s customer’s employee downloaded a malicious app called “EnergyRescue” which consisted of zero day mobile ransomeware (Doxware)from Google Play store. The ransomeware dubbed “Charger” and has appeared to be downloaded by millions of Android users. The ransomeware infected app gets access to contacts and SMS messages from the user’s device requesting admin permissions appears to be […] Continue reading →
New Variant of HummingBad malware found inside more than 20 apps on Google play infects millions Researchers from Checkpoint have discovered a dubbed HummingWhale Android malware, Hummingbad was found inside more than 20 Google play apps. One of the apps inside Google play with Hummingbad infection appears to have been downloaded more than a millions […] Continue reading →
The first Android banker malware (Android.BankBot.149.origin) of 2017 is already out and its source code is put on the web. This Android malware can steal users banking information and send it to CnC servers. The source code available on the web also means more variants of this malware will be seen in the wild very […] Continue reading →
Researchers from Checkpoint have identified that a dubbed malware Gooligan has infected more than 1.3 million Android users globally. Android targeted malware campaign infects devices and steals authentication tokens which is then used to access data from Google apps such as Google play, Gmail, google photos google docs, google drive and many others. The malware […] Continue reading →
A mobile app development company has been identified as the perpetrator of distributing malicious applications globally and hacking the Android phones of users on whose devices these apps are installed. The apps grant complete access to the Android devices of the users and the attackers can gain total control over these devices. These malware apps […] Continue reading →
UT Austin ISO (Information Security Office) has detected a bug in Android 5.x that allows hackers to bypass the locked screen of the phone and access the home screen or other functions of the phone. For the purpose of the attack however the attacker must have physical access to the phone and the screen should […] Continue reading →
Stagefright Security patch leaves more than 950 million devices vulnerable hacked by a text The Stagefright vulnerability allows attacker to hack a phone with a text. Wiki (CVE-2015-3824) The patch issued by Google for Stagefright doesn’t fix the vulnerability leaving more than 95% of the Android devices vulnerable. The Android devices running version 2.2 to […] Continue reading →
IBM researchers have identified that more than 55% of Android users appeared to have impacted with Android serialization vulnerability – CVE-2015-3825. This basically means Android versions 4.3 and newer are vulnerable to this vulnerability. An advanced attackers could exploit this vulnerability to give a malicious app with no or least privileges the ability to become a super […] Continue reading →