Skip to Content

14 million smartphones infected by dangerous malware

Here at, our goal is to keep you safe in this constantly evolving world of digital threats and dangers.

Just yesterday, we reported on how WannaCry-style ransomware is now targeting Android smartphones. Now, another new variant of an older piece of malware has been found.

The malware is called CopyCat and as its name suggests, it masquerades as legitimate copies of real apps on third-party Android download sites but steals their ad revenue instead.

Security researchers from Check Point discovered the new CopyCat strain on Thursday and they found that it has infected more than 14 million Android devices worldwide, including 280,000 in the U.S. alone. Now, that’s a lot of CopyCats! This scheme has rewarded the malware’s authors over $1.5 million in a span of two months so far.

Thankfully, the malware has not infiltrated the official Google Play app store and it is primarily spread through third-party app stores. If a poisoned cloned app is downloaded, it gathers information about the victim’s device, proceeds to root it then disables its security system.

CopyCat then hijacks the Android device’s app launcher Zygote. Once in control of the launcher, it will learn all the apps that are installed on the device then downloads their fake equivalents. With these fake versions of the apps installed, the malware can send the ad revenue of the originals to the cybercriminals instead of the app developers.

Check Point estimated that around 4.9 million fake apps were installed on infected devices, generating up to 100 million ads.

This variant of CopyCat also checks if the infected device is located in China and stops its attack if it is. This led the researchers to believe that the cybercriminals’ base of operations is in China.

Although this latest CopyCat campaign has a global reach, the majority of its victims are located in India, Pakistan, Bangladesh, Indonesia and Myanmar. An additional 381,000 victims are located in Canada.

Are you affected?

Fortunately, this new strain of CopyCat only affects gadgets running Android 5.0 (Lollipop) and earlier, a version that was released three years ago. All of the five software flaws that CopyCat exploits have already been patched.

Vulnerable devices include older Android phones with apps being downloaded regularly from unofficial third-party app stores.

Check Point also warned that these old exploits are still effective because a good number of users “patch their devices infrequently, or not at all.”

Click here to read Check Point’s white papers about this latest CopyCat cyberattack.

Protect yourself from Android malware

As always, to protect yourself against Marcher and other Android malware, the best practice is to avoid downloading and installing apps from “Unknown Sources.” Only download apps from the official Google Play app store and make sure you check user reviews, too, before installing.

Second, be careful with links and websites you visit. Drive-by malware downloads could happen anytime without you knowing it. Don’t grant any system permissions to prompts coming from unknown sources.

Also, keep in mind, Google has end-of-life timeframes for its Android updates. Chances are if your Android device is two years old or older, it’s unlikely that you’re getting new versions of its software so better start thinking about upgrading your device soon.

As evidenced by this CopyCat campaign, if your device is not getting the latest security patches and bug fixes anymore, you are exposing yourself to exploits and threats that may come back to bite you down the line.

More from

3 ways hackers hide malware on Facebook

How smart gadgets spy on you

Don’t fall for this ‘White House’ phishing email

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started