M Android devices infected with 'Agent Smith' malware, says Check Point Research

Adjust Comment Print

With nefarious individuals become even more crafty in their attempts to infiltrate mobile devices in an effort to make money, Check Point Research is advising users to become even more vigilant.

"The number of potential users impacted by these findings is in the hundreds of millions", the researchers said, urging regulators and platform providers to adopt better tools to monitor the behavior of the apps. CopyCat malware, also works the same way. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.

Of course, this concept isn't entirely new in itself. Furthermore, to take this forward, the researchers at Check Point are said to have reported to Google along with the law enforcement agencies about this new Agent Smith malware. It found that Agent Smith malware was originally downloaded from the third party app store 9Apps and it mostly targeted Hindi, Arabic, Russian, and Indonesian speaking users.

Specifically, AP discovered that when using a Microsoft app and trying to share a file, the Share menu that typically displays the icons of the apps already installed on your device now includes shortcuts for other Android apps developed by Microsoft and which aren't installed.

Check Point also noted that it found indications that the hackers were working their way onto Google's Play Store with 11 apps containing a "dormant" piece of the software.

Most victims are based in India, whereas many as 15 million were infected. The company claimed that it worked closely with Google and there are no malicious apps on the Play Store.

Richard Branson's Virgin Galactic space-tourism business to go public
It said the final tests flights would be completed from New Mexico ahead of the launch of full commercial service for passengers and research payload.

There's not much that Android users can do, unfortunately. Agent Smith malware was detected by Security firm Checkpoint.

Once on an infected phone, Agent Smith would scan locally installed apps, and using an internal list of targets, would replace the original apps with ad-infected clones.

There were some popular apps among those, too.

Agent Smith malware campaign appears to be focused on India and the nearby countries. The legitimate apps like WhatsApp are then altered and replaced with an malicious update which then serve ads.

The entire process is quite stealthy and innovative, and it's very surprising seeing it used for something as banal as adware, when it's a technique you'd expect to see being used for spyware or more unsafe threats - something that Check Point researchers are also very well aware. Check Point also says that the vector could easily be used for more nefarious and harmful purposes such as stealing bank information or spying.