25 million Android devices infected with the Agent Smith malware

Check Point has discovered a new malware, Agent Smith, which has managed to infect 25 million devices worldwide. It attacked the apps installed on the smartphone, forcing them to display additional fraudulent ad banners.

A new malware for Android has been discovered that replaces parts of installed apps by injecting fraudulent code into them. According to Check Point, the malware affected more than 25 million devices and, because of the methods it uses to attack devices and bypass security software, was named "Agent Smith".

The malware does not aim to steal user data. Instead, it forces the device's apps to display additional advertising banners, or tries to earn money from any generic banner. Once on a smartphone or tablet, "Agent Smith" searches for well-known apps, such as WhatsApp, Opera Mini and Flipkart, and replaces parts of their code, also preventing the user from updating them.

The first detections of the malware took place in India and other Asian countries, partly because it spreads through a third-party app store called 9Apps, which is very popular in that region.

According to the security firm, the malware hides in "poorly functioning photo apps, games or sexual apps". After one of these is installed on the smartphone, an app that appears to be linked to Google, with a name like "Google Updater", shows up, but this is obviously a fraud.

The process of replacing the code of the other vulnerable apps installed on the device starts at that moment. In India, about 15 million infections were counted, but the malware also managed to reach the United States, with 300 thousand infections detected.

The attacker behind the campaign also tried to expand onto the more mainstream Google Play Store, succeeding with 11 apps that included a simpler version of the malware, which never actually managed to work as the developer intended.

Check Point indicates that the malicious apps were discovered and deleted by Google itself and are no longer present on the Play Store. One of the vulnerabilities exploited by Agent Smith, according to Check Point, was corrected several years ago on Android, but developers must update their applications to protect them, and evidently some did not. Furthermore, according to the source, the malware was created by a Chinese company whose goal is to help developers publish their apps around the world.
