Fake Android app infects 14 million devices worldwide
Home 5 Blog 5 Fake Android app infects 14 million devices worldwide
Fake Android app infects 14 million devices worldwide | IntelliTeK Pty Ltd, Managed IT Services Sydney Australia

Dubbed CopyCat, this malware has already infected 14 million devices and has caused nearly AU$2 million in damages in the space of only two months.

Out of the 14 million infected devices, 8 million of them were rooted by the malware, 3.8 million devices were used to serve ads (to further spread the malware) and 4.4 million devices used to steal credit card details from the Google Play store. Most of the victims resided in South East Asia with a fair chunk of infected devices from the United States.

The infections originated from third-party app downloads and email phishing attacks.

The CopyCat malware has capabilities to root infected devices, establish persistency, and inject malicious code into Zygote – a daemon responsible for launching apps on Android, providing the hackers full access to the devices. CopyCat uses several exploits, including CVE-2013-6282 (VROOT), CVE-2015-3636 (PingPongRoot), and CVE-2014-3153 (Towelroot) to hit devices running Android 5.0 and earlier, which are all widely used and very old, with the most recent uncovered 2 years ago.


CopyCat disguises itself as a popular Android app that users download from third-party stores. Once downloaded, the malware starts collecting data about the infected device and downloads rootkits to help root the victim’s smartphone. After rooting the Android device, the CopyCat malware removes security defenses from the device and injects code into the Zygote app launching process to fraudulently install apps and display ads and generate revenue.

In just two months of time span, the CopyCat malware helped the hackers make nearly AU$2 million in revenue. The majority of profit came from nearly 4.9 million fake installations on infected devices, which displays up to 100 million ads.

Android users running older versions are vulnerable from downloading apps from third-party app stores as older android versions are seen to be prime targets for cyber attacks to exploit. Although it depends on your device its recommended to always be on the latest version of Android, if your phone prevents you from being on the latest version of Android then users should ensure they are on the most updated version.

About IntelliTeK Pty Ltd

IntelliTeK is a managed IT services company in Sydney, Australia. With major vendor relationships and accreditation’s from the worlds leading IT companies including WatchGuard, Microsoft, Trend Micro and Amazon Web Services, IntelliTeK have kept clients happy since 2007. 

IntelliTeK are always up to date with the latest cloud backup solutions which is why we only partner with the best in the industry. If your company isn’t fully equipped to fend off cyber criminals, then get in touch with us so we can discuss your options. Call us on 1300 768 779, email us at info@intellitek.com.au, fill out the web form, or have a Live Chat with us below.

Book A Consult

We can accommodate a solution for your needs, to discuss your options please contact us today.

Ph: 1300 768 779