Categories: Digital LifeNews

Dangerous malware replaces code in existing apps to covertly infiltrate over 25 million Android devices

Cyber-security solutions provider, Check Point Research, discovered a new variant of an existing malware that targetted Android devices.

Named “Agent Smith” — after the character from Matrix — the malware was able to mimic and replace apps installed on a device without detection. It has covertly infected around 25 million devices, including 15 million mobile devices in India alone.

To put that into perspective, the total number of devices infected by the malware make up close to 90% of the population of Malaysia.

Made in China

The researchers have reason to believe that “Agent Smith” originated from a Chinese internet company located in Guangzhou with a front that claimed to offer services that help Chinese Android developers publish and promote their apps globally.

The malware is so advanced that it looks for popular apps installed on an Android device like WhatsApp, Opera Mini or Flipkart and then replaces the code in the app to prevent the app from being updated while at the same time exploit vulnerabilities in the system without the user’s knowledge or interaction.

Once it has successfully installed itself in a device, the malware uses the access it has to instruct the infected app to display more ads than normal or takes credit for the ads they already display. This allows the hacker responsible for the attack to make money from ad revenue.

While displaying more ads on your phone may seem harmless, Check Point Research warns that the malware could be easily altered for far more intrusive and harmful purposes such as stealing banking credentials and eavesdropping on conversations or messages.

Third-party app store

The main way the malware spreads itself is through a third-party app store called 9Apps and targeted mostly Hindi, Arabic, Russian, Indonesian speaking users. In India alone, over 15 million Android devices were infected.

Other Asian countries such as Pakistan and Bangladesh have also been impacted. There has also been a noticeable number of infected devices in the United Kingdom, Australia and the United States.

In the third-party app store, the malware would hide inside “barely functioning photo utility, games, or sex-related apps,” Check Point wrote.

The malware’s operator also appears to have attempted to make available the malicious app on the Google Play Store itself where it managed to sneak 11 apps that featured code related to a watered-down version of the malware.

“The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own,” said Jonathan Shimonovich, Head of Mobile Threat Detection Research at Check Point Software Technologies.

He added that “users should only be downloading apps from trusted app stores to mitigate the risk of infection as third-party app stores often lack the security measures required to block adware loaded apps.”

The vulnerability that allowed the malware to infiltrate millions of Android devices has since been patched up. Check Point also said that it worked closely with Google to remove all the related malicious apps that existed on Play Store as well.

Recent Posts

Malaysia Airlines’ new A330neo grounded temporarily due to production issues

Malaysia Airlines has temporarily grounded its brand new Airbus A330neo after completing four commercial flights.…

15 hours ago

Proton e.MAS 7: Here’s how much it cost to maintain this EV

Pro-Net recently revealed that you only need to service the new Proton e.MAS 7 EV…

2 days ago

Proton e.MAS 7: How much does it cost to replace the tyres?

The Proton e.MAS 7 is one of the most value for money SUVs at the…

2 days ago

Samsung to launch its new AI-powered home appliances with improved ecosystem integration at CES 2025

Samsung has announced that it will be holding its press conference titled "AI for All:…

3 days ago

SoyaCincau Awards 2024: The Best Phones of the Year

Modern smartphones are very capable computing devices, thanks to powerful hardware trickling down the price…

3 days ago

CelcomDigi offers 5G Home WiFi at RM69/month for Postpaid customers

If you're a CelcomDigi Postpaid 5G customer and can't get fibre broadband for your home,…

3 days ago

This website uses cookies.