A new piece of mobile malware has been discovered that is said to have infected more than 25 million Android devices around the world, security researchers have warned.
The malware was detected by researchers at Check Point Research and works by stealthily replacing apps installed on the device with malicious versions that display fraudulent ads to users.
It has been dubbed ‘Agent Smith’ by the team after the character from the Matrix films, for the way it infiltrates and takes over legitimate apps and the methods it uses to avoid detection.
The malware operates in three key phases. First, it lures victims into downloading it by posing as a legitimate app such as a game. Then, once on an Android system, it automatically decrypts and installs its core malware, which is usually disguised as an innocuous-looking app like ‘Google Updater’.
It then scans the device’s list of installed apps for programs it can impersonate. If it finds an app that is on its target list, it replaces portions of that app’s code to display ads and prevents the infected app from being updated.
For now, the hackers behind the malware appear to be using it for financial gain, as they collect revenue each time a malicious ad is viewed. However, Check Point Research warned it could easily be adapted for much more harmful purposes such as stealing data.
“Due to its ability to hide its icon from the launcher and impersonate any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device,” the researchers stated.
Check Point Research noted that so far, the majority of infected devices have been located in India. This is said to be a result of the malware appearing on third-party app store 9Apps, which is popular in the country, but it has also been spotted in the UK, Australia and the US.
The malware highlights the risks posed when users download apps for their device from third-party sites outside the Google Play Store.
Check Point Research said: “With such a devious infection method of replacing existing device apps with the malicious version of those apps, users are reminded that apps should only be downloaded from trusted app stores to mitigate the risk of infection.”
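A device audit in line with the advice above, as an added example that is not from Check Point Research or the original article: it parses the output of `adb shell pm list packages -3 -i` (user-installed packages with their recorded installer) and reports apps that did not come from Google Play. The sample output and package names are constructed, and treating only `com.android.vending` as a trusted installer is an assumption.

```python
import re

# Installers treated as trusted in this example (an assumption; extend this
# set with any managed or enterprise store your organisation allows).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

# One line of `pm list packages -i` looks like:
#   package:<name>  installer=<installer package or null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

# Constructed sample output; the package names are placeholders.
SAMPLE_PM_OUTPUT = """\
package:com.example.game  installer=null
package:com.example.chat  installer=com.android.vending
package:com.example.updater  installer=com.example.thirdpartystore
"""


def audit_installers(pm_output):
    """Return {package: installer} for apps not installed by a trusted store.

    An installer of None means the device recorded no installer at all,
    which is what a directly sideloaded APK typically shows.
    """
    flagged = {}
    for raw in pm_output.splitlines():
        match = LINE_RE.match(raw.strip())
        if match is None:
            continue  # skip blank lines and anything that is not a package row
        pkg, installer = match["pkg"], match["installer"]
        if installer in TRUSTED_INSTALLERS:
            continue
        flagged[pkg] = None if installer == "null" else installer
    return flagged


if __name__ == "__main__":
    for pkg, installer in sorted(audit_installers(SAMPLE_PM_OUTPUT).items()):
        source = installer or "no installer recorded (sideloaded)"
        print(f"REVIEW {pkg}: {source}")
```

This surfaces apps that arrived from outside the trusted store, the entry point the article describes; it does not inspect the contents of installed apps.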