A new piece of mobile malware has been discovered that is said to have infected more than 25 million Android devices around the world, security researchers have warned.
The malware was detected by researchers at Check Point Research and works by stealthily replacing apps installed on the device with malicious versions that display fraudulent ads to users.
It has been dubbed ‘Agent Smith’ by the team after the character from the Matrix films, for the way it infiltrates and takes over legitimate apps and the methods it uses to avoid detection.
The malware operates in three key phases. First, it lures victims to download it by posing as a legitimate app such as a game. Then, once on an Android system, it automatically decrypts and installs its core malware, which is usually disguised as an innocuous-looking app like ‘Google Updater’.
It then scans the device’s list of installed apps for programs it can impersonate. If it finds one on its list, it will target the app and replace portions of its code to display ads and prevent the infected apps from being updated.
For now, the hackers behind the malware appear to be using it for financial gain, as they collect revenue each time a malicious ad is viewed. However, Check Point Research warned it could easily be adapted for much more harmful purposes such as stealing data.
“Due to its ability to hide its icon from the launcher and impersonate any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device,” the researchers stated.
Check Point Research noted that so far, the majority of infected devices have been located in India. This is said to be a result of the malware appearing on third-party app store 9Apps, which is popular in the country, but it has also been spotted in the UK, Australia and the US.
The malware highlights the risks posed when users download apps for their device from third-party sites outside the Google Play Store.
Check Point Research said: “With such a devious infection method of replacing existing device apps with the malicious version of those apps, users are reminded that apps should only be downloaded from trusted app stores to mitigate the risk of infection.”