Archives for Android Malware

CopyCat malware Infected 14 million Android devices – Checkpoint

Checkpoint researchers identified mobile malware named CopyCat that has infected more than 14 million Android devices worldwide. The infected devices are used to perform ad fraud, which has helped hackers make more than $1.5 million in the past 60 days. Once the malware infects a device, it tries to root it, allowing the bad guys to gain full control of the device.

CopyCat has the ability to replicate a referrer ID of its own. (A referrer ID is used to track ads from Google Ads or Bing Ads.) This means any ad revenue generated is sent to the hackers instead of the original intended recipient. The malware uses 5 different exploits, including CVE-2013-6282, CVE-2015-3636 and CVE-2014-3153, against devices running Android 5.0 and earlier.

Of the infected devices, 280,000 are in the US, 381,000 are in Canada, and the rest belong to users in India, Indonesia, Myanmar and Pakistan. If the victim is in China, the app does not perform any activity. Hence Checkpoint researchers believe that the cybercriminals are Chinese and are trying to avoid possible legal trouble, although there is no direct evidence of who is behind the attack.

In addition, the researchers found evidence of several connections between CopyCat and the Chinese ad network MobiSummer. The malware and the ad company were found to originate from the same server, and the malware was found to have been signed by MobiSummer, a Chinese ad company.

Google has been tracking this malware and has the necessary measures in place to block CopyCat with Play Protect. However, not all Android devices are updated, or can even be updated, and many users fall victim through phishing or by installing third-party apps after rooting. There is no evidence that this malware has been distributed through the Google Play store.


Gooligan malware campaign steals more than 1 Million Google Accounts using Android phones – Checkpoint

Researchers from Checkpoint have identified that malware dubbed Gooligan has infected more than 1.3 million Android users globally. The Android-targeted malware campaign infects devices and steals authentication tokens, which are then used to access data from Google apps such as Google Play, Gmail, Google Photos, Google Docs, Google Drive and many others. The malware […]

Remote Code Execution vulnerability on Google store allows Hackers to remotely install malware apps on your Android Device

Researchers from Metasploit have discovered a major flaw on devices running Android 4.3 (Jelly Bean) and prior versions, which no longer receive official security updates for WebView from the Android security team. WebView is one of the core components for the Google store. Attackers can easily install a malware app and perform malicious actions. Due to a lack […]

New Android Malware (Android.HeHe) disconnects your calls, intercepts texts – FireEye

Researchers at FireEye have discovered six variants of an Android malware family (Android.HeHe) that disguises itself as a security app and intercepts the incoming texts and calls of victims. As per FireEye: “The app disguises itself as “android security”, attempting to provide the users what is advertised as an OS Update. It contacts the […]

Sharp rise in malware targeting Android by Kaspersky lab

In recent days, the Android security threat has evolved into one of the biggest threats in the mobile world. Research from Kaspersky Lab includes a graph displaying it (below): http://www.net-security.org/images/articles/kaspersky082012-1.jpg Highlights from net-sec: Over the three months in question, over 14,900 new malicious programs targeting this platform were added to Kaspersky Lab’s database. […]