Posted on July 11, 2019 at 12:15 PM
A Copycat Malware Hiding Among Your Android Apps: ‘Agent Smith’ Infects 25 Million Phones
Android users once again seem to be facing a massive malware threat. According to a recent warning published on Wednesday by Israeli security firm, Check Point — around 25 million Android devices around the world might be infected by the new threat right now. The new threat is malware that can replace installed apps on users’ smartphones, while its own icon remains hidden.
The malware was named ‘Agent Smith‘ after the main villain from the first ‘The Matrix’ movie, and it can do this by abusing some older flaws still present in Android OS. This is why researchers recommend making the installation of new updates a priority.
New Android Malware Emerges
Another thing that researchers have noticed is that the majority of infected users are based in India — as many as 15 million. However, quite a large number of them was found to be from western countries as well, including 300,000 users in the US, and at least 137,000 in the UK. This is interesting as the malware is believed to be spreading from 9apps.com, which is a 3rd-party app store owned by Alibaba.
In other words, it is not the Google Play Store where the attacks are coming from, which makes the fact that so many westerners were infected all the more curious. Typically, 3rd-party app stores are mostly used in developing countries, which is why such attacks often only target users from those countries.
The malware was not recorded to be particularly harmful until now. Mostly, it will replace an app and serve ads, although researchers warn that the attackers could do more if they wanted to. They believe that this malware could have endless possibilities when it comes to harm that it could cause. For now, however, it only displays ads. The malware infects the phone when the user downloads and infected ad from the app store. The app then silently installs the malware, without any icons appearing on the screen.
Once installed, the malware could pretend to be any popular app, including WhatsApp, browsers, or something else. They would then serve ads, which are not malicious by themselves, but the attackers are still making money in a regular pay-per-click system.
As mentioned, the malware did not spread through Google Play. However, it appears that attackers may have had plans to move to the Play Store at some point, as there were at least 11 apps with malicious software, which Google had banned upon discovery.
Researchers are not certain as to who might be behind the malware, but they believe that the responsible party might be an unnamed Chinese firm from Guangzhou. The firm is believed to be operating a business that helps Chinese Android software developers promote their applications in other countries. As mentioned, 9apps platform is owned by Alibaba, although the company has not commented on the situation as of yet.
Yet another threat discovered in the Play Store
This is also not the only malicious issue that Android users had to deal with recently. Another report from a security company called CSIS Security Group reported a third-party app called ‘Updates for Samsung.’ It was uploaded on Google Play store, and it had over 10 million downloads.
According to researchers, this appears to be a new type of mobile attack, which tries to trick people into paying money for updates that they should be receiving for free. It would seem that the threats to Android users do not stop for more than a second, and almost every day, something else emerges to threaten the security of smartphone users.
With that in mind, researchers suggest extra care when it comes to downloading apps. Users should never install apps from third-party sources, and they should even be suspicious towards Google Play Store-based apps. Software by unknown developers should be avoided, while updates should be installed as soon as they become available.