Companies with BYOD policies have yet another piece of malware to keep an eye out for. The latest fast-acting adware, dubbed CopyCat, was able to infect more than 14 million Android devices around the world last year, according to researchers. The hackers behind this adware were able to defraud app creators of $1.5 million in two months.
CopyCat pretends to be a legitimate app and then steals ad revenue. One of the apps that CopyCat pretended to be was SimSimi, which had over 50 million downloads on the Google Play store. When Android users downloaded the fake SimSimi from a third-party store, the CopyCat malware would collect data about the device and download rootkits. To avoid suspicion, CopyCat was programmed to wait until the device restarted before attempting to root it.
Rooting the device would cut off its security system. To root the device, CopyCat exploited six different vulnerabilities that users neglected to patch. After rooting the device, the adware would then hijack the device’s Zygote, which is the process that launches apps. Through Zygote, CopyCat could identify every app that the user had downloaded and opened. Eventually the malware would replace the referrer ID on users’ apps with its own. Every ad that launched through an app on an infected device would then send money to the hackers instead of the app creators.
The malware peaked in April and May 2016. Google’s Play Protect security measure ensured that Android users who downloaded apps through the Google Play store weren’t affected by CopyCat. However, users who downloaded apps from unsecured third-party stores were more likely to have their devices infected by the malware. Although the malware is no longer at its peak, Google believes that fewer than 50,000 Android devices around the world are still vulnerable to being infected by CopyCat.
Even though CopyCat isn’t much of a threat now, companies with BYOD policies should consider how adware can impact the company’s network security. It’s possible for an employee to inadvertently download a malicious app onto a mobile device that they also use for work. Below are three ways endpoint security software can help companies with BYOD policies secure their networks:
Whitelist and blacklist applications: Endpoint security software can help IT departments approve applications that are safe to use throughout the enterprise. Application whitelisting can guarantee that employees are using safe and familiar programs. By blacklisting unfamiliar applications, IT teams can ensure that malware doesn’t make it onto company networks.
Conduct vulnerability audits: By scanning devices for vulnerabilities, IT departments can use endpoint software to uncover gaps in security. CopyCat was able to spread through vulnerabilities that users didn’t get around to patching. By regularly monitoring for vulnerabilities, companies can identify and remediate any gaps before they have a chance to be exploited.
Monitor networks: Companies should monitor their networks for suspicious activity and users. Consistent monitoring allows IT departments to find any anomalies in activity. Monitoring networks with endpoint software also allows IT departments to detect cyber threats before they have a chance to deploy and cause damage.
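The first two checks above (an application allowlist and a patch audit) can be sketched in a few lines. This is an added illustration, not code from the article or from any endpoint product. It parses the output of `adb shell pm list packages -3 -i` and `adb shell getprop ro.build.version.security_patch`; the allowlist, the package names, the 90-day threshold, and the sample data are all assumptions constructed for the example.

```python
import re
from datetime import date

# Assumed policy values for this sketch; a real deployment would load its own.
ALLOWED_PACKAGES = {"com.example.mail", "com.example.vpn"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play store
MAX_PATCH_AGE_DAYS = 90

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")

def parse_packages(pm_output):
    """Parse `pm list packages -3 -i` output into {package: installer or None}."""
    result = {}
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            inst = m.group("inst")
            result[m.group("pkg")] = None if inst == "null" else inst
    return result

def audit_device(pm_output, security_patch, today):
    """Return (finding, detail) tuples for one device's inventory."""
    findings = []
    for pkg, inst in sorted(parse_packages(pm_output).items()):
        if inst not in TRUSTED_INSTALLERS:  # sideloaded or third-party store
            findings.append(("untrusted-installer", pkg))
        if pkg not in ALLOWED_PACKAGES:
            findings.append(("not-allowlisted", pkg))
    patch = security_patch.strip()
    if not patch:  # the property is empty on releases that predate patch levels
        findings.append(("no-patch-level", "unknown"))
    else:
        age = (today - date.fromisoformat(patch)).days
        if age > MAX_PATCH_AGE_DAYS:
            findings.append(("stale-patch-level", f"{age} days"))
    return findings

# Constructed sample input, not captured from a real device.
SAMPLE_PM = """\
package:com.example.mail  installer=com.android.vending
package:com.example.chatbot  installer=null
package:com.example.vpn  installer=com.example.thirdpartystore
"""
SAMPLE_PATCH = "2016-01-01"

if __name__ == "__main__":
    for finding in audit_device(SAMPLE_PM, SAMPLE_PATCH, date(2016, 5, 1)):
        print(*finding)
```

The `-3` filter limits the listing to user-installed packages, since preinstalled system apps also report `installer=null`.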
As adware becomes more insidious and difficult to detect, companies should prioritize regularly conducting security audits and monitoring networks. With endpoint security software that monitors for threats and remediates gaps, companies can keep their networks secure from malicious actors and adware.