A new Android malware has wreaked havoc in over 25 million devices. The malware was named ‘Agent Smith’ because of the ways and methods it uses to attack the device and avoid detection.
According to a security firm Check Point, the malware does not steal information from the users. Unknowing users would think that it is just a normal app. But Agent Smith then plants its own codes to the apps it attacks.
Over 25 million Android devices has been infected by “Agent Smith”
Unlike most malwares that steal personal information or banking credentials, Agent Smith works in a different way but not really uncommon. The malware hacks apps and forces them to display ads. It then takes credit for the ads so that the malware’s operator can profit off of the fraudulent views.
According to Check Point, the malware looks for more known and popular apps on a device such as WhatsApp, Flipkart or Opera Mini. Agent Smith malware then replaces portions of these apps codes to their own to avoid from being detected.
Agent Smith has primarily infected Android devices in India
The malware has infected over 15 million Android devices in India and other nearby countries. That is because the main way it has spread is through a third-party app called 9Apps which is really very popular in the region.
The malware would hide inside “barely functioning photo utility, games, or sex-related apps,” says Check Point. After a user has downloaded one, the malware would then disguise as a Google-related app, and then would start replacing the code of the app.
But Agent Smith has already made its way to the U.S. where more than 300,000 devices were already infected. The malware’s operator have also attempted to expand into Google Play Store by sneaking in eleven apps that included codes related to a simpler version of Agent Smith.
Thankfully, Google has now removed all the discovered malicious apps that were infected by the malware. Check Point says the malware is dormant at the moment. Furthermore, the key vulnerability that Agent Smith relies on has been patched by Android a few years ago.
However, developers still has to update their apps and take advantage of the extra layer of protection. “This application was as malicious as they come,” Check Point writes about the malware.
According to the folks at Check Point, the malware is run by a Chinese company that claims to help developers launch their apps internationally.