Jeremy Herold

25 Million Android Devices Infected with Malware


The ‘Agent Smith’ malware has infected 25 million Android devices

Cyber-security firm Check Point has released new research that shows that malicious apps from a campaign called “Agent Smith” have been downloaded to 25 million Android devices.

The apps were distributed through third-party app stores by a Chinese group with a legitimate business that helps Chinese developers promote their applications on outside platforms. Check Point did not identify the company, as it is cooperating with local law enforcement on this matter.

About 300,000 devices in the U.S. were infected.

Most of the applications affected are games, though popular apps including WhatsApp and the web browser Opera were also affected.

The malware works by copying the app, injecting its own malicious code, and replacing the original app with the weaponized version. It does this by using a vulnerability in the way Google apps are updated. The hijacked apps would still work just fine, thus hiding the malware from users.

The “Agent Smith” malware was able to hijack other apps on the phone to display unwanted ads to users because the malware was armed with all of the permissions users had granted to the real apps. Showing unwanted ads might not seem like a significant problem, but that same security flaw could be used to hijack banking, shopping, and other sensitive apps.

Aviran Hazum, head of Check Point’s analysis and response team for mobile devices, stated, “The user wouldn’t be able to see any difference, but the attacker could connect to your bank account remotely. Hypothetically, nothing is stopping them from targeting bank apps, changing the functionality to send your bank credentials” to a third party.

To keep your phone safe, it is recommended that Android users use ad blocking software on their phones, always update their devices when prompted, and only download apps from the Google Play Store.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648
