AN IN-DEPTH ANALYSIS OF THE COPYCAT ANDROID MALWARE CAMPAIGN
released on 2017-07-06 @ 07:24:51 PM
The Check Point research team identified a new mobile malware targeting millions of Android users. The malware, dubbed "CopyCat" by researchers, uses a novel technique to generate and steal ad revenues. This extensive campaign infected over 14 million devices, rooting 8 million of them with an unprecedented success rate. The malware spread globally, infecting mostly users from South-East Asia, but also over 280,000 users in the US. We estimate that through the malware's malicious activities, the perpetrators behind it gained over $1.5 million over the course of two months. CopyCat is a fully developed malware with vast capabilities, including elevating privileges to root, establishing persistence, and, to top it all, injecting code into Zygote. Zygote is a daemon whose goal is to launch apps on Android, and injecting code into it allows the malware to intervene in any activity on the device.