CheckPoint has recently identified a new malware named CopyCat infecting more than 14 million Android devices across the globe. Out of the 14 million devices, 8 million devices were successfully rooted. With all these devices, the attackers were able to generate an ad revenue more than $1.5 million within two months of planting the exploit.
Read more: TrickBot malware
The CopyCat malware affects a daemon process called Zygote, which is responsible for launching different apps in the Android OS. With the attack, the victim devices can be taken control over the apps that the injected code can launch. CheckPoint, usually, provides security for the SandBlast devices and was first traced in a services of SandBlast mobiles. After reverse engineering over different servers and published a white paper with all the technical details of the malware.
Read more: Fireball malware
The CopyCat malware uses a state-of-art-technology to gain complete control over the victim's device. Once the control is gained, the victim devices will be left clueless for any defence. Googlian, DressCode and Skinner are the similar kind of state-of-art malware.
Effects of CopyCat malware:
Read more: Judy Chef malware
Operation CopyCat malware:
Once the CopyCat malware is exploited into the device, the malware waits till the device is restarted to gain control over the device. Upon restart, the malware downloads and "Upgrade" pack from the web storage service provided by Amazon, S3 bucket. This upgrade pack is a collection of six different exploits to workout on the security of the device. These exploits install a component that grabs root permissions. The malware injects into system_process that contains all Android services like PhoneManager, including ActivityManager.
Read more: Petya ransomware
The CopyCat malware displays fraudulent ads and generates revenue to the attackers. On the other hand, it steals the sensitive details of the user.
Read more: WannaCry ransomware
Read more: TrickBot malware
Read more: Fireball malware
The CopyCat malware uses a state-of-art-technology to gain complete control over the victim's device. Once the control is gained, the victim devices will be left clueless for any defence. Googlian, DressCode and Skinner are the similar kind of state-of-art malware.
 |
| Where CopyCat is infected |
- Theft of sensitive information.
- Device rooting or jailbreaking.
- Evolving attack objectives.
- Code sharing with similar communities.
Read more: Judy Chef malware
Operation CopyCat malware:
Once the CopyCat malware is exploited into the device, the malware waits till the device is restarted to gain control over the device. Upon restart, the malware downloads and "Upgrade" pack from the web storage service provided by Amazon, S3 bucket. This upgrade pack is a collection of six different exploits to workout on the security of the device. These exploits install a component that grabs root permissions. The malware injects into system_process that contains all Android services like PhoneManager, including ActivityManager.
Read more: Petya ransomware
 |
| Working of CopyCat malware |
Read more: WannaCry ransomware
0 comments:
Post a Comment