According to U.S security researches, 25 million Android devices have been infected with a new type of malware which disguises its self as a legitimate app on user’s phones. The hacked phones are mainly in the U.S and India.
The malware virus is called ‘Agent Smith’ a nod to the fictional character from the movie, ‘The Matrix’ who has the ability to make copies of himself, was found by the security firm Check Point on Wednesday and affects users on Android devices.
The virus doesn’t steal the user’s data but instead replaces an app on the user’s phone with hacked versions of popular Android apps which display advertisements selected by the hackers. The hackers can then profit off the ad revenue from the hacked version of the app.
In order for the virus to stay incognito on a user’s Android device, it can replace the source code in apps such as Flipkart or WhatsApp which prevents the applications from updating.
It is thought that around 15 million Android devices across the globe have been affected by the malware with the most cases found in India, but others have been found in the U.S., Asia, the United Kingdom, and Australia.
The virus stealthily attacks user-installed applications making changes to the application without anyone ever knowing their phone has been hacked. This makes it a huge challenge for most Android users to handle the threat on their own.
‘Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like ‘Agent Smith”, says Jonathan Shimonvich who is the head of Mobile Threat Detection Research at Check Point, the company that first detected the malware.
“Agent Smith” operates like a trojan horse virus. Malicious code was hidden into photo apps and sex-related apps by the hackers and the replica programs were downloaded for the third-party app store, 9Apps
Once the app was downloaded the malware would look like a legitimate version of the app and would replace the code without the user ever knowing they have been infected.
The Verge also reported that the hackers also tried to infect Android users through the Google Play store, but Google thwarted the attempts by removing the 11 apps found to have malicious code on the app store
Letting hackers include their code was a known vulnerability. A few years ago a patch was released for this known threat, however, some developers failed to patch their apps leaving them wide open to attack.
Check Point has made a statement offering advice on how not to be affected by malware-infected apps, such as Agent Smith.
Their advice was to only download apps from trusted app stores. Third-party app stores don’t have the security measures in place to thwart attacks such as these.
