Malware comes in many forms, and among the latest to be spotted on the Play Store and reported is one that White Ops researchers have dubbed CopyCatz. The cybersecurity company's investigation, while likely not exhaustive, rounded up a total of 164 such apps. Between them, the apps in question had over 10 million downloads.
So, there are potentially tens of millions of users who have downloaded the CopyCatz malware directly from the Google Play Store. That's hardly surprising given the nature of CopyCatz, which, as its appropriate name suggests, is all about deception and adware. CopyCatz apps start by mimicking legitimate, noteworthy, and popular apps.
One of the examples provided in recent reports and by White Ops is an app called "Assistive Touch 2020."
But the app had nothing to do with the actual Assistive Touch apps and features. Other popular apps, from WiFi and VPN utilities to video and photo editors to games, have been mimicked too.
Aside from Play Store listings, what sets CopyCatz malware apart?
In short, CopyCatz serves up out-of-context ads. But it's actually worse than that. Those ads are either in-house ads or out-of-context interstitials, each pointing back to a "com.tdc.adservice" package, where the behavior is then controlled by a JSON file hosted on Dropbox. Of course, Dropbox is not willingly assisting CopyCatz.
The URL associated with the above-mentioned JSON file is different from app to app. But regardless of where the URL points to, the structure is similar. The apps delivering interstitials went out of their way to exclude themselves from recent apps. In effect, they disappear as soon as users navigate away. Others did nothing to cover their tracks. All of the apps utilize an open-source Evernote job scheduler that keeps the ads going. Although, as with Dropbox, White Ops lists Evernote as another victim rather than a participant.
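The traits described above can be checked together when triaging a decoded APK. The following is an added example, not code from White Ops or from the apps. It assumes the Evernote scheduler ships under the `com.evernote.android.job` namespace and that hiding from recent apps is declared through the manifest's `android:excludeFromRecents` attribute; the sample manifest, class names and URL are constructed.

```python
import re
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"   # android: attribute namespace
AD_PACKAGE = "com.tdc.adservice"                     # package named in the report
SCHEDULER = "com.evernote.android.job"               # assumed namespace of the Evernote scheduler
DROPBOX_URL = re.compile(
    r"https?://(?:[\w-]+\.)*dropbox(?:usercontent)?\.com/\S+", re.I)
COMPONENTS = {"activity", "service", "receiver", "provider"}

def triage(manifest_xml, strings):
    """Return the set of traits from the report found in one decoded APK."""
    root = ET.fromstring(manifest_xml)
    app_pkg, found = root.get("package", ""), set()
    for comp in root.iter():
        if comp.tag not in COMPONENTS:
            continue
        name = comp.get(A + "name", "")
        if name.startswith("."):                     # relative class name
            name = app_pkg + name
        if name.startswith(AD_PACKAGE + "."):
            found.add("ad_package")
        if name.startswith(SCHEDULER + "."):
            found.add("job_scheduler")
        if comp.tag == "activity" and comp.get(A + "excludeFromRecents") == "true":
            found.add("hidden_from_recents")
    for s in strings:
        if AD_PACKAGE in s:
            found.add("ad_package")
        if DROPBOX_URL.search(s):
            found.add("dropbox_url")
    return found

def verdict(found):
    """The scheduler and Dropbox links are common in benign apps, so neither flags alone."""
    if "ad_package" in found:
        return "match"
    if {"dropbox_url", "job_scheduler", "hidden_from_recents"} <= found:
        return "review"
    return "no_match"

# Constructed sample: class names, app package and URL are invented for illustration.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.touchhelper"><application>
  <activity android:name="com.tdc.adservice.AdActivity" android:excludeFromRecents="true"/>
  <service android:name="com.evernote.android.job.JobRescheduleService"/>
  <activity android:name=".MainActivity"/>
</application></manifest>"""
SAMPLE_STRINGS = ["https://www.dropbox.com/s/EXAMPLE/config.json?dl=1"]

if __name__ == "__main__":
    print(verdict(triage(SAMPLE_MANIFEST, SAMPLE_STRINGS)))
```

The manifest text is the decoded `AndroidManifest.xml` and the strings are those extracted from the app's code. An app that hides itself at runtime with `FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS` instead of the manifest attribute will not show the `hidden_from_recents` trait here.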
So what can you do about this?
White Ops lists all of the apps it found containing CopyCatz in its initial report. But, as noted above, that list likely isn't exhaustive. Google has removed all of the apps found in the report from the Google Play Store. But that doesn't mean every CopyCatz app has been removed, or that they won't crop up again.
The real danger with apps serving out-of-context ads is that those ads can potentially lead users to worse malware. And that opens up the real possibility for other malware to be loaded directly into the adware. So users will want to remove any of the apps if they happen to have inadvertently downloaded them. Users should also check the reviews for discrepancies before downloading.