Do you see an ad popping up when opening WhatsApp? Then you are a victim of the Agent Smith malware. A newly discovered piece of Android malware that replaces portions of apps with its own code has infected more than 25 million devices, according to security firm Check Point. Disguised as a Google-related app, the core part of the malware exploits various known Android vulnerabilities and automatically replaces installed apps on the device with malicious versions without the user’s interaction. This unique on-device, just-in-time (JIT) approach inspired researchers to dub the malware “Agent Smith”.
The malware looks for common apps such as WhatsApp, Flipkart and Opera Mini, then replaces portions of the app code and prevents the apps from updating. Agent Smith has primarily infected devices in India and other nearby countries. That’s because the main way it’s spread is through a third-party app store called 9Apps that’s popular here. Despite its focus on India, which accounts for 15 million infections, Check Point says the malware also made its way to the US, where more than 300,000 devices were infected.
The same malware could also be used for more malicious purposes such as credit card theft, with the company’s report stating, “due to [the malware’s] ability to hide its icon from the launcher and impersonates any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device.” The security firm says they submitted data to Google and law enforcement agencies, and as of publishing no malicious apps remain on the Play Store.
“This application was as malicious as they come,” Check Point writes of the malware. According to the researchers, the malware appears to be run by a Chinese company that claims to help developers publish their apps internationally. It relies on a key vulnerability which was patched several years ago in Android. But developers need to update their apps in order to take advantage of the added protections. Evidently, many have not.
Malware like this requires attention and action from system developers, device manufacturers, app developers, and users, so that vulnerability fixes are patched, distributed, adopted and installed in time.