According to reports, as many as 25 million Android smartphones have got infected by a malware which replaces installed applications like WhatsApp with evil app versions. Check Point’s researchers named the malware as “Agent Smith” because of the methods it uses to attack devices and run away from detection.
Reportedly, the malware does not steal any user’s information. Instead, it hacks apps and targets more ads, and also takes credit for those which are already displayed so that the malware’s operator can profit off the fraudulent views.
Most victims are Indian based, where as many as 15 million were infected. But there are more than 300,000 in the U.S., with another 137,000 in the U.K., making this as one of the more severe attacks to have hit Google’s operating system in recent memory. It is predicted and now confirmed that the malware started spreading through a third-party app store- 9apps.com, which is owned by China’s Alibaba, and not by the official Google Play store. Mostly, such non-Google Play attacks focus on developing countries, making the hackers’ success in the U.S. and the U.K. more remarkable.
“Due to its ability to hide it’s an icon from the launcher and impersonates any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device,” wrote the researchers. The malware would be hidden inside “barely functioning photo utility, games, or sex-related apps,” wrote Check Point. After a user downloads one, the malware would disguise itself as a Google-related app, like the “Google Updater” and then begin the process of replacing code.
Check Point said that the vulnerability persisted in Android smartphones for years. But developers need to upgrade their smartphone apps in order to take advantage of the added protection. “This application was as malicious as they come,” wrote Check Point. According to the researchers, the malware is actually operated by a Chinese company that claims to allow developers to publish their apps internationally.