alswart -

Agent Smith mobile malware hits millions of devices

New mobile malware that exploits Android vulnerabilities has infected millions of devices, security researchers have discovered

Mobile malware dubbed Agent Smith has infected about 25 million devices, mainly in India and other Asian countries, but other countries have also been affected, including the UK and US,  according to security researchers at Check Point Software Technologies.

Disguised as a Google-related application, the malware exploits known Android vulnerabilities and automatically replaces installed apps – such as WhatsApp – with malicious versions without users’ knowledge or interaction. It then shows fraudulent ads to device owners, earning money for the cyber criminals behind the malware campaign.

Although Agent Smith currently uses its broad access to the devices’ resources to show fraudulent ads for financial gain, the researchers warn that it could be adapted easily for far more intrusive and harmful purposes, such as banking credential theft and eavesdropping, as seen in malware campaigns such as Gooligan, Hummingbad and CopyCat.  

“The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own,” said Jonathan Shimonovich, head of mobile threat detection research at Check Point.

“Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like Agent Smith.”

Also, said Shimonovich, mobile device users should download apps only from trusted app stores to mitigate the risk of infection because third-party app stores often lack the security measures required to block adware-loaded apps.

Agent Smith was originally downloaded from the widely used third-party app store 9Apps and targeted mostly Hindi, Arabic, Russian and Indonesian-speaking users.

Read more about mobile malware

The researchers said that, to date, most of the victims have been based in India, but other Asian countries, such as Pakistan and Bangladesh, have also been impacted, and there has also been a noticeable number of infected devices in the UK, Australia and the US.

The researchers have advised mobile users to uninstall any apps they suspect may be malicious by following these steps:

  • Go to Settings Menu and click on Apps or Application Manager.
  • Scroll to the suspected app and uninstall it.

Read more on Hackers and cybercrime prevention

Data Center
Data Management