Fourteen Million Android Devices Infected with CopyCat Malware
Posted by: Timothy Weaver on 07/07/2017 01:14 PM
In just two months, malware authors have earned approximately $1.5 million in ad revenue from the distribution of CopyCat malware.
The malware has infected over 14 million Android devices. It can root infected devices, establish persistence, and inject malicious code into Zygote, which gives the hackers full access to the devices.
Check Point researchers say the malware has infected 14 million devices, rooted 8 million of them, forced 3.8 million to serve up ads, and used 4.4 million to steal credit for installing apps on Google Play.
So far, Asia has been the main target; however, 280,000 devices have been infected in the U.S.
Check Point researchers say there is no evidence that the infections originate on Google Play; instead, they come from third-party apps and phishing attacks.
The attacks appear to target devices running Android 5.0 or earlier, so victims are usually using old, unpatched, unsupported devices.
"CopyCat abuses the Zygote process to display fraudulent ads while hiding their origin, making it difficult for users to understand what's causing the ads to pop-up on their screens," Check Point researchers say.
"CopyCat also installs fraudulent apps directly to the device, using a separate module. These activities generate large amounts of profits for the creators of CopyCat, given a large number of devices infected by the malware."
Although Check Point has not found any direct evidence, the firm is pointing to a Chinese ad firm as possibly being responsible.
Source: The Hacker News