Incident Of The Week: Malware Infects 25M Android Phones
‘Agent Smith’ attack targets devices being used without latest security measures
Cyber security researcher Check Point has warned Android users in a blog on July 10, 2019, that as many as 25 million Android mobile devices have been hit with a malware now being called ‘Agent Smith.’ The malware hides within installed apps like WhatsApp, taking advantage of the vulnerabilities within the Android operating system.
See Related: “Securing The Enterprise From Mobile Malware”
According to Check Point, this new breed of malware was able to copy popular apps on the phone, but inject its own malicious code – replacing the original app with the weaponized version. The hijacked apps on the surface work fine but the malware is hidden from users. The malware then displays unwanted ads to users, which may not seem like a big problem, “but the same security flaws could be used to hijack banking, shopping and other sensitive apps, according to Aviran Hazum, head of Check Point's analysis and response team for mobile devices.”
"Hypothetically, nothing is stopping them from targeting bank apps, changing the functionality to send your bank credentials" to a third party, Hazum said. "The user wouldn't be able to see any difference, but the attacker could connect to your bank account remotely."
The Scope Of The Attack
While it was reported that most of the victims are based in India (as many as 15 million), there are more than 300,000 in the U.S, and another 137,000 in the U.K. In addition, the malware has spread through a third-party app store 9apps.com that is owned by China’s Alibaba rather than the Google Play store.
Check Point believes an unnamed Chinese company based in Guangzhou has been building the malware, but it won’t identify the company while it is working with local law enforcement.
See Related: “11 Ways To Boost Your Mobile Device Security Now”
“The Agent Smith campaign serves as a sharp reminder that effort from system developers alone is not enough to build a secure Android ecosystem,” researchers wrote. “It requires attention and action from system developers, device manufacturers, app developers and users, so that vulnerability fixes are patched, distributed, adopted and installed in time.”
In the mean time, Forbes advises Android users to:
- Take action if they experience advertisements displayed at off times, such as when they open WhatsApp.
- Go to the Android settings, then apps and notifications section. Next, under the app info list, look for suspicious applications with names like Google Updater, Google Installer for U, Google Powers and Google Installer. Click into the suspicious application and uninstall it.
- Ultimately, staying away from unofficial Android app stores might also help, given Google’s extra protections designed to prevent malware from getting on the site.
Read Last Week’s Incident: “Dominion National Finds Evidence of Data Breach Nearly a Decade Later”