Over 25 million Android users have been hit by new malware that replaces installed apps with infected versions. The malware exploits a vulnerability in the Android OS. The infected versions of the apps are designed to display ads. This comes close on the heels of a massive hacking attempt on global cellular networks.
Researchers from Check Point, a cybersecurity company, have identified the malware and named it ‘Agent Smith’. The name was given because of the methods it uses to attack mobile devices. The malware looks for known apps on the device, such as WhatsApp, Opera Mini, or Flipkart. It then replaces a portion of the code used in these apps and prevents them from updating. The malware exploits a vulnerability that was believed to have been patched several years ago.
Most of the devices infected by the malware are in India and other Asian countries. The primary way that Agent Smith spreads is through a third-party app store called 9Apps. This app store is popularly used by Indian and Asian users. The malware is hidden inside barely functioning photo utilities or games, or tends to exploit content-related apps. After a user downloads one of these apps, the malware can hide itself by renaming the package to something Google-related. It gives these apps a name similar to that of a Google app, e.g. ‘Google Updater’.
The malware has accounted for 15 million infections in India alone and has also made its way to the US. The malware operators have managed to sneak in and list 11 apps that include the malware code. Even though the malware remains dormant, Google has removed all the discovered malicious apps.
According to Check Point, developers need to update their apps to take advantage of added protections. It is believed that the malware is run by a Chinese company that claims to help developers publish apps.
If users see ads being displayed on their Android phones at odd times, they need to check for suspicious applications. These applications have names such as Google Updater, Google Installer for U, Google Powers, and Google Installer. On detecting such dubious apps, users need to uninstall them immediately.