
How the CopyCat malware infected Android devices around the world - techmagus
http://blog.checkpoint.com/2017/07/06/how-the-copycat-malware-infected-android-devices-around-the-world/
======
techmagus
My newly bought phone from last year was infected by this, even after
resetting to factory, not even rooted yet.

I couldn't understand what was happening and how it got it, and no app can detect
it. I've reported it to various groups and security experts, and finally, they
found what was happening!

When I rooted the phone and installed a port of a Samsung ROM, that's when I
noticed Zygote app requests, which were all suspicious. For some reason, the
custom ROM can intercept and show the suspicious requests, and block all the
ads. The original ROM, even if rooted, cannot block any of the popup ads, not
even intercept the Zygote request.

