More than 25 million Android phones have been infected by a new malware “Agent Smith,” masquerading as popular apps such as WhatsApp, Opera Mini, and Flipkart.
Security researchers at Check Point have named it Agent Smith because of the sneaky methods it uses to attack a device and avoid detection. The malware operates by replacing portions of apps with its own malicious code.
It is to be noted that the malware does not steal users’ personal data. Instead, it modifies the apps and forces them to display ads. The motive behind this is to take credit for the ads that are displayed and make profits off the views achieved in an illegal manner.
Agent Smith specifically hunts for popular apps like WhatsApp. Once it replaces sections of their code, the malware prevents those apps from being updated.
15 million Android devices infected in India so far
Agent Smith malware campaign appears to be focused on India and the nearby countries. This is because the malware has mainly spread through a third-party app store called 9Apps, which is popular in these regions.
Photo utility, games, or sex-related apps on 9Apps mostly have this strain of malware hidden inside. Once it gets downloaded on the phone, Agent Smith disguises itself as a Google-related app like “Google Updater,” and then initiates the process of impersonation.
India alone accounts for 15 million infected devices. However, the malware has made its way to the US as well where it has infected more than 300,000 devices.
What’s even more threatening is that the malware creators managed to sneak Agent Smith into the Google Play Store apps as well.
As many as 11 Android apps were found carrying code related to a simpler version of the malware. Thankfully, the malware remained dormant and Google has now removed all malicious apps.
The fix
Agent Smith seems to be run by a Chinese company that claims to help developers publish apps internationally.
It exploits a vulnerability that was patched years ago in Android. But there are several developers who haven’t updated their apps yet. Hence Android developers need to update their apps in order to avoid the malware.
