Google has stepped up its efforts to secure Android in recent years, but exploits are bound to happen with billions of devices out there. Security firms are reporting on a particularly successful strain of malware called CopyCat, which reportedly hit some fourteen million devices last year, and successfully gained root access on about eight million of them. The goal of this scheme was to make money from fraudulent ads and app installs, and the malware creators probably made a lot of it.

CopyCat was distributed covertly inside a number of popular apps that were repackaged and posted in third-party app stores. No instances of it have appeared in the Play Store, likely because the exploits it uses are known to Google and would have been easily detected. Most infections occurred in Asia, but there were also instances of CopyCat in other parts of the globe, including the US.

Once installed on a device, CopyCat uses a suite of five previously patched vulnerabilities to attack a device. Three exploits (CVE-2014-4321, CVE-2014-4324, CVE-2013-6282) relate to the VROOT method. Meanwhile, PingPongRoot (CVE-2015-3636) and Towelroot (CVE-2014-3153) are also included. Of these exploits, PingPongRoot is the most recent. It was released to gain root access on Lollipop, and was patched in Android 5.1.1 in mid-2015.

All three of these root methods were used by enthusiasts to gain root and change their devices. However, now they are being used by online fraudsters to gain control of phones. If CopyCat successfully roots a device, it injects code into Zygote and begins silently installing apps. Zygote is the process in Android responsible for launching apps, allowing the attackers to fraudulently get referral credits, as well as hijack ads. Security firm Check Point estimates CopyCat has earned its operators $1.5 million over almost two months.

Google patched the holes used by this malware years ago, but there are still plenty of devices running vulnerable versions of the OS. According to Google's platform distribution numbers, around one third of phones are running a build that could be vulnerable to at least one of these exploits. It's up to device makers to ship out security patches, and update support is usually ended after a few years. In the case of budget devices, updates might dry up after just a few months.

While the malware was not installed via the Play Store, Google has remotely killed CopyCat on many devices. Nonetheless, not all phones (like those in China) have Google services installed to make that possible. That means some number of old phones out there will continue piping cash to the malware distributors until they stop working.