New malware known as Agent Smith, discovered on Wednesday, infects users through clones of apps like WhatsApp, MX Player and Truecaller and replaces legitimate Android programs with adware-compromised versions. According to experts at security firm Check Point who revealed the threat, the attack has already hit about 25 million phones running Android 5 (Lollipop) or 6 (Marshmallow) in India, Pakistan, Bangladesh and other Asian countries.
The malicious code exploits the Janus vulnerability, discovered in late 2017, so that hackers can cash in on advertising. The flaw does not affect smartphones running Android 7 (Nougat) or later versions of Google's system.
The malware is distributed through alternative Android app stores. One of them is 9apps, which is linked to Alibaba, the Chinese e-commerce giant. According to Check Point, the threat is disguised as APKs of popular apps to encourage installation. To download this type of program, the user must first disable Android's protections manually.
Once on the phone, the app paves the way for the installation of the Agent Smith malware, disguised as a supposed update from Google. The malware, in turn, analyzes the other apps installed on the device and downloads a list of clones with modified code. After the batch download, it exploits the Janus vulnerability to replace the legitimate apps without arousing suspicion.
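Background the article does not spell out: Janus lets a DEX file be placed in front of an APK without invalidating its v1 (JAR) signature, while the v2 scheme introduced with Android 7 signs the whole file. The following added example, which is not from Check Point or this article, flags APK files with that layout; the function names and sample inputs are constructed for illustration.

```python
import io
import struct
import zipfile

DEX_MAGIC = b"dex\n"              # start of a Dalvik executable
ZIP_LOCAL = b"PK\x03\x04"         # start of an ordinary ZIP/APK
ZIP_EOCD = b"PK\x05\x06"          # end-of-central-directory record
V2_MAGIC = b"APK Sig Block 42"    # trailer of the APK Signing Block (v2+)


def has_v2_signing_block(data: bytes) -> bool:
    """True if an APK Signing Block sits directly before the central directory."""
    eocd = data.rfind(ZIP_EOCD)
    if eocd < 0:
        return False
    (cd_size,) = struct.unpack_from("<I", data, eocd + 12)
    cd_start = eocd - cd_size     # central directory ends where the EOCD begins
    return cd_start >= 16 and data[cd_start - 16:cd_start] == V2_MAGIC


def classify_apk(data: bytes) -> str:
    """Return not-an-apk, no-leading-data, leading-data or janus-suspect."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "not-an-apk"
    if "AndroidManifest.xml" not in names:
        return "not-an-apk"
    if data.startswith(ZIP_LOCAL):
        return "no-leading-data"
    # Valid archive, but something was placed in front of it.
    return "janus-suspect" if data.startswith(DEX_MAGIC) else "leading-data"


def build_sample(prefix: bytes = b"") -> bytes:
    """Constructed test input: a minimal ZIP with an APK-like manifest entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("META-INF/CERT.RSA", b"placeholder")
    return prefix + buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("plain", build_sample()),
                        ("dex-prefixed", build_sample(DEX_MAGIC + bytes(108)))]:
        print(label, classify_apk(blob), "v2 block:", has_v2_signing_block(blob))
```

A `janus-suspect` result on a file without a v2 signing block is the case worth escalating, since only the v1 signature is vouching for it.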
Afterwards, the fake apps contact ad networks and start displaying ad banners on the phone, and the hackers make money from the ad views. The APK that brings the malware onto the phone has a hidden icon, making it difficult to identify the root of the problem. The Check Point survey reports that, on average, each victim has 112 apps swapped for fake versions.
So far, the malware's capabilities have been used primarily for advertising revenue, but experts warn that the possibilities are endless. In theory, the code could also fake banking applications, as long as the original is already installed on an outdated Android phone.
Another concern is the distribution of the attack. While the flow of infections comes from alternative Android stores, security experts also identified at least 11 apps in the Google Play store that contained portions of the code used by Agent Smith. Google has been warned and the apps have been removed from the store.
Via Check Point and The Next Web