Security researchers have found a new malware infecting more than 25 million Android units. Dubbed “Agent Smith,” the code makes its means on to a device by means of sketchy apps and then disguises itself as a Google-related application.
Based on a press release from security agency Check Point, once Agent Smith is active on the device, the malware seems to be for common apps and replaces them with malicious versions. The altered apps show fraudulent advertisements for financial gain.
“The malware attacks user-installed applications silently, making it challenging for common Android customers to fight such threats on their very own,” stated Check Point’s Head of Mobile Risk Detection Analysis Jonathan Shimonovich.
The strategies used are much like different malware such as Gooligan, Hummingbird, and CopyCat. Check Point additionally says that the vector might simply be used for more nefarious and harmful purposes such as stealing bank info or spying.
To this point, most of the infections have been detected in India and neighboring nations as a result of the malware is primarily distributed by means of 9Apps, 3rd-party app stores popular in the area. The malicious code usually comes hidden inside a “dropper” app.
More than 15 million of the infections originate from India, however, around 300,000 gadgets in the US reportedly have the malware installed as properly. Based on the researchers, the dangerous actors, who seem to originate from China, tried to increase operations into the Google Play Retailer and efficiently planted 11 programs contaminated with an altered version of the malware. Google has since eliminated the malicious software.
The vulnerabilities that Agent Smith depends on, Janus being one in each of them, had been really patched a number of years in the past, however many apps haven’t updated their security to benefit from the fix.