The malware affected users mainly in Southeast Asia and spread to more than 280,000 Android users in the US. The company said in a blog post. “ It is unclear who is behind the CopyCat attack, but there are several connections to MobiSummer, an ad network located in China,”.
It added that the Malware also refrains from targeting malware developers are Chinese and want to avoid an investigation by local law enforcement, a common tactic in the malware world, the blog post said.
According to the researchers, the campaign was spread via popular apps repacked with the malware and downloaded from third party app stores, as well as phishing scams. However there was no evidence that CopyCat was distributed on Google Play Store.
According to Google, they were able to quell the campaign, and the current number of infected devices is far lower than it was at the time of the campaign’ peak.
Said Check Point. “ Unfortunately, devices infected by CopyCat may still be affected by the malware even today.”