But it’s those older devices that are least likely to receive Google’s patches, meaning that the Copycat infection isn’t going anywhere anytime soon.
Much of the problem lies with device manufacturers that don’t bother to provide Android updates at all, or to stop distributing updates after a period of time—sometimes only a few months —after the device was produced. In the United States the situation is more complicated, because not only do device makers have to provide the updates, but then the carriers that service those devices have to approve the distribution over their networks.
There are ways to reduce the chances of getting malware such as Copycat on your Android devices. The first is ensure your Android devices is set to only allows apps from Google Play—especially the device is going to be used on your company network. On company owned devices, this can be permanently set.
The second is to only purchase Android mobile devices from device makers or distributors that commit to delivering security updates in a timely manner. Such a limitation will also restrict the choice of vendors and perhaps carriers or it may cost a little more, but your devices will be more secure against malware invasions.
Such a limitation may be extended to BYOD devices, meaning that you will only approve devices on your network that meet those requirements.
In addition, your employees will have to be trained to recognize phishing emails when they see them and to alert your security team if they show up. It’s likely that if one employee gets a phishing attack, others will too. This will make it possible for you to alert everyone and to recognize the malware attack when it starts.
One important training method is to create realistic simulated malware and then use it to test your staff. Perhaps you could reward employees who uncover phishing emails first.
Of course there are other methods, including the security products from the folks at Check Point Software who found the malware in the first place. There are a number of anti-malware packages that run on Android devices and it seems that every security software vendors has at least one.
In addition, your company should have network and internal defenses in place to keep malware and hackers away. Configured properly, that protection can also keep Copycat and other malware out of the network.
Ultimately, the best protection is good cyber-hygiene. Know where the devices on your network have been before you let them have intimate contact with yours. Prevent outsiders from injecting their viruses into your cyber-space. Also, don’t click on stuff that you don’t recognize or entirely trust.