Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Android
    • Android
    • Cybersecurity

    Copycat Malware Could Be the Harbinger of Even Worse Cyber-Attacks

    By
    WAYNE RASH
    -
    July 8, 2017
    Share
    Facebook
    Twitter
    Linkedin
      CopyCat Android Malware

      At first glance the Copycat malware doesn’t seem like a huge threat to end users. Its primary purpose is to make money by reporting the installation of apps for which it gets paid a commission. End users will see apps installed on their Android devices that they didn’t download, and in many cases those apps will be bogus, but little else seems to happen.

      But in fact, there’s a lot going on beneath the surface. Copycat, which was first discovered by researchers at Check Point Software, infects a device when the user downloads an infected app from a third-party app store or when the user falls for a phishing email. Once it’s on the device, the malware uses one of several exploits to attack the device.

      The first attack is to gain root access to the Android device, which it’s able to accomplish over half the time. Once it roots the device, the malware injects code into Android’s Zygote service, which is the process that Android uses to launch apps. The Zygote attack allows the malware to download new apps silently, for which it’s paid a referral. In addition, the malware monitors user activity to get referrals for apps the user views in Google Play, for which it then also gets referral payments.

      Meanwhile, the malware has installed itself to the Android system to gain persistency. Once it’s there, the user is unlikely to realize that the device has been infected and in any case the malware is difficult to remove. Unless the device is patched, the malware can stay inside the device essentially forever.

      The more serious problem with Copycat is that the malware can be used to deliver payloads besides bogus ad referral requests. Because it is successful in rooting the device when it’s installed, the Copycat malware can be used to deliver some serious threats, such as ransomware, spyware or software that’s designed to infect users’ network to help spread other types of malware if it can.

      Perhaps worse, because the malware is already alive on something like 14 million Android devices, it’s entirely possible for it to install the software necessary to deliver a DDOS on a global basis, entirely using mobile devices. Because it is so distributed, such a mobile attack could proceed without being obvious to the originating networks, but could deliver a lethal blow to the target.

      If there’s a positive development in all of this, it’s that Google has already issued patches for the Android devices that are affected. In addition, at this point Copycat only affects older versions of Android.

      But it’s those older devices that are least likely to receive Google’s patches, meaning that the Copycat infection isn’t going anywhere anytime soon.

      Much of the problem lies with device manufacturers that don’t bother to provide Android updates at all, or to stop distributing updates after a period of time—sometimes only a few months —after the device was produced. In the United States the situation is more complicated, because not only do device makers have to provide the updates, but then the carriers that service those devices have to approve the distribution over their networks.

      There are ways to reduce the chances of getting malware such as Copycat on your Android devices. The first is ensure your Android devices is set to only allows apps from Google Play—especially the device is going to be used on your company network. On company owned devices, this can be permanently set.

      The second is to only purchase Android mobile devices from device makers or distributors that commit to delivering security updates in a timely manner. Such a limitation will also restrict the choice of vendors and perhaps carriers or it may cost a little more, but your devices will be more secure against malware invasions.

      Such a limitation may be extended to BYOD devices, meaning that you will only approve devices on your network that meet those requirements.

      In addition, your employees will have to be trained to recognize phishing emails when they see them and to alert your security team if they show up. It’s likely that if one employee gets a phishing attack, others will too. This will make it possible for you to alert everyone and to recognize the malware attack when it starts.

      One important training method is to create realistic simulated malware and then use it to test your staff. Perhaps you could reward employees who uncover phishing emails first.

      Of course there are other methods, including the security products from the folks at Check Point Software who found the malware in the first place. There are a number of anti-malware packages that run on Android devices and it seems that every security software vendors has at least one.

      In addition, your company should have network and internal defenses in place to keep malware and hackers away. Configured properly, that protection can also keep Copycat and other malware out of the network.

      Ultimately, the best protection is good cyber-hygiene. Know where the devices on your network have been before you let them have intimate contact with yours. Prevent outsiders from injecting their viruses into your cyber-space. Also, don’t click on stuff that you don’t recognize or entirely trust.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×