Two days ago, Check Point researchers reported a new mobile malware attack called ‘Agent Smith’ that has infected around 25 million Android devices. The malware is being used for financial gain through malicious advertisements. Concealed under the identity of a Google-related app, it exploited known Android vulnerabilities and automatically replaced installed apps with malicious versions, without the user's consent.
The primary targets of this malware are based in Asian countries, especially India, with over 15 million infected devices; Pakistan, Bangladesh, Saudi Arabia, and the UK were also affected, along with around 300k infected devices in the U.S. Currently, no malicious apps remain on the Google Play Store. However, before being removed, the malicious apps were downloaded over 10 million times. Researchers have estimated over 2.8 billion infections in total, on around 25 million unique devices.
A preliminary investigation revealed that the app's behavior strongly resembled abuse of the Janus vulnerability, which was discovered in 2017 and allowed attackers to modify the code in Android applications without affecting their signatures. These malicious apps could hide their app icons and claimed to be Google-related updaters or vending modules. Check Point researchers found that Agent Smith’s attack also resembled previous malware campaigns against Android apps, like Gooligan, HummingBad, and CopyCat.
The Agent Smith malware attacks in a step-by-step manner:
Image Source: Check Point Research
During the final update installation process, Agent Smith relies on the Janus vulnerability to bypass Android’s APK integrity checks. Finally, Agent Smith hijacks the compromised user apps to show malicious advertisements.
So far, the attackers have used Agent Smith only for financial gain. However, because it can hide its icon from the launcher and successfully impersonate any popular existing app on a device, Agent Smith could cause serious harm, such as credential theft from banking, shopping, and other sensitive apps.
It has also come to light that Google fixed the Janus vulnerability in 2017, but the fix has not made its way onto every Android phone.
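Because the Janus fix has not reached every device, defenders who vet APKs (for example in an MDM or app-review pipeline) can check the file layout themselves. The sketch below is an added example, not code from Check Point or from the original article; it assumes the publicly documented Janus layout, which the article does not describe, in which DEX bytes are placed ahead of the APK's ZIP entries. The function names and sample bytes are constructed for illustration.

```python
import io
import zipfile

DEX_MAGIC = b"dex\n"  # first four bytes of every DEX file


def classify_apk(data: bytes) -> str:
    """Classify an APK image by what precedes its first ZIP entry."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # header_offset is the real file position of each local header;
            # zipfile already compensates for bytes prepended to the archive.
            offsets = [info.header_offset for info in zf.infolist()]
    except zipfile.BadZipFile:
        return "not-an-apk"
    if not offsets:
        return "not-an-apk"  # an archive with no entries cannot be an APK
    if min(offsets) == 0:
        return "clean"  # first entry starts at byte 0, as in a normal APK
    # Something sits in front of the ZIP entries. A DEX header there is the
    # Janus pattern; anything else is still unexpected for an APK.
    return "janus-style" if data.startswith(DEX_MAGIC) else "prefixed"


def build_sample_apk() -> bytes:
    """Constructed stand-in for an APK: a ZIP with two placeholder entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", DEX_MAGIC + b"035\x00" + bytes(32))
    return buf.getvalue()


def build_samples() -> dict:
    """Constructed inputs for the classifier (none is a real app or DEX)."""
    clean = build_sample_apk()
    fake_dex = DEX_MAGIC + b"035\x00" + bytes(104)  # header-shaped filler only
    return {
        "clean": clean,
        "dex-prefixed": fake_dex + clean,
        "junk-prefixed": bytes(64) + clean,
        "garbage": b"not an archive",
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:14} -> {classify_apk(blob)}")
```

A "janus-style" or "prefixed" result means the file carries bytes outside its ZIP entries and should be held for manual review before it is distributed or installed.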
“Android users should use ad blocker software, always update their devices when prompted, and only download apps from the Google Play Store”, said Dustin Childs, the communications manager at cybersecurity company Trend Micro.
Many Android users have expressed their concern about the Agent Smith malware attack.
A few iOS users now say that it’s Google’s security vulnerabilities that make users opt for iOS phones.
A Redditor comments, “This is unfortunately why I am still an Apple customer. I do not trust android to keep my information safe. Hey Google, how about I pay you a $15 per month subscription and you stop using spyware on me?”
According to the researchers, the malware appears to be run by a Chinese Internet company located in Guangzhou that claims to help Chinese Android developers publish and promote their apps on overseas platforms. Check Point researchers have submitted their report to Google and law enforcement units, to facilitate further investigation. The names of the malicious actors have not yet been revealed. Google has not yet released any official statement warning Android users about the Agent Smith malware attack.
For more details about the attack, head over to Check Point research page.