copycat malware targets the rooted devices


                           
                            

 what is copycat malware?
new piece of adware dubbed copycat malware has capabilities to root infected device, establish persistence and inject malicious code into Zygote- a daemon responsible for launching apps on android and providing full access to the devices.according to research at security firm check point it has infected 14 M android devices around the world.


how many devices infected from this malware ?
copycat malware has infected 14 million device ,nearly 8 million of them are rooted and device serve ads, and 4.4 million of  them were used to steal credit for installing apps on google play.

 the malware uses two tactics to abuse the zygote process and steal ad revenue .it displays fraudulent pop-up ads on a user's screen and steal app installation credits. it also installs fraudulent apps directly on to the device.

 how copycats works?

 as check point explained, advertisers are paid for display ads that lead to the installation of certain apps. copycats scams the mobile analytics platform tune to fraudulently earn its revenue.

 "copycat retrieves the package name of the app that the user is  viewing in google play, and sends it to its command  and control server," the researchers wrote."the server sends back a referrer ID suited for the package name. this referrer ID belongs to the creators of the malware, and will later be used to make sure the  revenue for the installation is credited to them."

 how the copycat malware spread?  

 there is no evidence on who is behind the copycat malware campaign , researchers  at check point found below-mentioned connections that indicate hackers might have  used  chinese ad advertising network 'mibisummer' for the distribution of the malware.

 copycat has managed to root 8 million of the 14 million  devices it has  infected. the campaign  peaked between march and may 2016, spreading through phishing scams and popular  apps that  
were repackaged with the malware and offered for download on third party apps stores. check point 
said there's 'no evidence' malware made its way into google play.

 "according to google" , they were able to quell the campaign, and the current number of infected devices is far lower it was at  the time of campaign peak ,check point wrote:"unfortunately , device infected by copycat may still be affected by the malware even today."  

Comments

Post a Comment

Popular posts from this blog

Image
 ⇒ What is an ip addresss? An   IP address   (abbreviation of   Internet Protocol address ) is an identifier assigned to each computer and other device (e.g., printer,   router ,   mobile device , etc.) connected to a   TCP/IP network that is used to locate and identify the node in communications with other nodes on the network. IP addresses are usually written and displayed in   human-readable notations. ➦ there are mainly two ip address 1)ipv4 2)ipv6 ⇒ Ipv4 address An IP address in IPv4 is   32-bits   in size, which limits the   address space   to   4294967296   (2 32 ) IP addresses. Of this number, IPv4 reserves some addresses for special purposes such as   private networks   (~18 million addresses) or   multicast addresses   (~270 million addresses). IPv4 addresses are usually represented in   dot-decimal notation, consisting of four decimal numbers, each ranging from 0 to 255, separated by dots, e.g., 172.16.254.1. Each part represents a group of 8 bit
Read more

MALWARE

Image
what is malware ? malware is a software,that perform  victim  malicious action on victims computer or any device. the term is a combination of the words malicious and software.the ultimate goal of hackers to install malware on your computers or any device any how.once they install malware on your computer or device they can access your computer. the malware are not only targeted to only some specific system like windows ,while windows is widely used ,thus a big target,malware can infect any computing device.every one is a target, including you. the more computer or devices cyber criminal infect,the more money they earn.  who is developing malware and why? malware is created by sophisticated cyber criminals to help them achieve specific goals.the main goal is to steal important information , user id passwords, to send spam  emails,launching denial of service attacks. the malware known as petya is used by criminals to infect and encrypt hard disk of your computer.once infe
Read more

Nmap for scanning networks

Image
what is Nmap? Nmap ("Network Mapper") is a free open source tool for scanning the network.you can download from from here nmap.org Nmap  uses raw IP packets in novel ways to determine what hosts are available on the network,what services (application name and version) those hosts are offering ,what operating system (os version) they are running,what type of packets filters/firewalls are in use,and dozens of other characteristics. firewalls,routers,proxy servers and other security devices can skew the results of and Nmap scan.scanning remote hosts that are not on your local network may provide misleading information because of this  what is illegal with Nmap? scanning networks that you do not have permission to scan can get you in trouble with your internet service provider,the police,and possibly even the government. don't go off scanning the FBI of secret service website unless you want to get in trouble. aggressively scanning some systems may cause
Read more