Malware warning: Security researchers uncover ‘Agent Smith’ attack that replaces real Android apps with fake ones on 25 MILLION devices
- Researchers found malware that disguises itself as legitimate Android apps
- At least 25 million devices were infected across India, the U.S., U.K. and more
- ‘Agent Smith’ as its called, hacks legitimate apps to display phony ads
- The attack allows hackers to profit off of ads viewed inside altered apps
- Hackers tried to sneak apps into the Google Play store but were unsuccessful
Malware that replaces victims’ legitimate apps with a malicious doppelganger has infected 25 million devices across India and the U.S. say security researchers.
The virus, named ‘Agent Smith’ after a fictional character from the, ‘The Matrix’ who is able to make others into copies of himself, was highlighted by the security firm Check Point on Wednesday and affects users on Android devices.
Instead of stealing data, the malware covertly replaces apps inside a user’s phone with hacked versions which display ads selected by the hackers, allowing them to profit off their views.
Android users across the world have been infected with a malware called ‘Agent Smith’ which disguises itself as a legitimate app and then serves up fake ads for money. File photo
To avoid detection, the malware — under its disguise as popular apps like WhatsApp or Flipkart — is also capable of replacing code in the original program with its own malicious version that prevents an app from being updated.
At least 15 million of the devices infected are located in India and 300,000 have been detected in the U.S. Other infections are spread across Asia as well as the U.K., and Australia.
‘The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own,’ said Jonathan Shimonovich, Head of Mobile Threat Detection Research at Check Point.
‘Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like ‘Agent Smith”
Malware spread through the third-party app store 9Apps where malicious code was embedded into photo and sex-related apps.
WHAT IS ‘AGENT SMITH’ MALWARE?
A malware called ‘Agent Smith’ was found to have infected 25 million device mostly in India.
Malicious code was able to disguise itself as legitimate apps and take over the ads served inside those programs.
Hackers didn’t steal users data but were able to make money off of serving up phony ads.
Many users were unaware that they had been infected.
Code spread via third party app-store 9Apps and unsuccessfully tried to infect users in the Google Play store.
The malware is named after a fictional villain in the 1999 movie ‘The Matrix’ who was able to turn victims into copies of himself.
Researchers say Agent Smith was able to spread to devices through a third-party app storecalled 9Apps.
Malicious code was embedded into photo apps and sex-related apps which were then downloaded by users.
Once inside a victim’s device, the malware would disguise itself as a legitimate app and then begin replacing code.
As reported by The Verge, creators of the malware also attempted to infect users in the Google Play store through 11 apps containing bits of malicious code.
The foray was reportedly unsuccessful and Google has removed all the apps from its store.
A vulnerability in Android that allowed hackers to include their code was patched several years ago, but developers failed to patch their apps, leaving many open to attack.
To avoid being compromised by malware like Agent Smith, Check Point has some simple words of advice.
‘Users should only be downloading apps from trusted app stores to mitigate the risk of infection as third party app stores often lack the security measures required to block adware loaded apps,’ wrote researchers.