CopyCat
NJCCIC Threat Profile
Original Release Date: 2017-07-06
CopyCat is an Android malware that generates and steals ad revenue. According to CyberScoop, the malware infected 14 million Android devices, rooted 8 million phones and had 3.8 million devices serve ads. It claimed victims mainly in South and Southeast Asia, but over 280,000 Android users in the United States were also infected. CopyCat infects users through dated exploits, the oldest dating back to 2013. The danger of CopyCat is its modular structure, which allows the threat actor to change the malware’s strategy and behavior on the device to be tailored to their victims. Researchers at Check Point Software Technologies state that CopyCat is a fully developed malware with many capabilities, including elevating privileges to root, establishing persistency, and injecting code into Zygote which allows the malware to intervene in any activity on the device.
Reporting
- July 2017: Scammers make millions in two months with dated Android exploits. (CyberScoop)
Technical Analysis
- Researchers at Check Point Software Technologies provide technical analysis here.
Featured Content
- Disaster Relief and Tragedy-Related Scams>
- Flaw in Cosmo DB Could Allow Access to Databases>
- Threat Actors Use Messaging Service as Phishing Lure>
- Back-to-School Cybersecurity>
- Patch Now: Active Exploitation of Microsoft Exchange ProxyShell Vulnerabilities >
- T-Mobile Breach>
- Test Your Cybersecurity Knowledge - Take Our Cyber Quiz Today>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.