alswart - stock.adobe.com
Mobile malware dubbed Agent Smith has infected about 25 million devices, mainly in India and other Asian countries, but other countries have also been affected, including the UK and US, according to security researchers at Check Point Software Technologies.
Disguised as a Google-related application, the malware exploits known Android vulnerabilities and automatically replaces installed apps – such as WhatsApp – with malicious versions without users’ knowledge or interaction. It then shows fraudulent ads to device owners, earning money for the cyber criminals behind the malware campaign.
Although Agent Smith currently uses its broad access to the devices’ resources to show fraudulent ads for financial gain, the researchers warn that it could be adapted easily for far more intrusive and harmful purposes, such as banking credential theft and eavesdropping, as seen in malware campaigns such as Gooligan, Hummingbad and CopyCat.
“The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own,” said Jonathan Shimonovich, head of mobile threat detection research at Check Point.
“Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like Agent Smith.”
Also, said Shimonovich, mobile device users should download apps only from trusted app stores to mitigate the risk of infection because third-party app stores often lack the security measures required to block adware-loaded apps.
Agent Smith was originally downloaded from the widely used third-party app store 9Apps and targeted mostly Hindi, Arabic, Russian and Indonesian-speaking users.
Read more about mobile malware
- iOS and Android apps equally vulnerable to being exploited remotely by malware, report reveals.
- End-user computing professionals must embrace modern Windows and mobile malware protection technologies to defend against ransomware and other attacks.
- Check Point mobile security data shows devices can come pre-installed with malware.
- What do mobile security statistics really mean? Here’s how to break them down.
The researchers said that, to date, most of the victims have been based in India, but other Asian countries, such as Pakistan and Bangladesh, have also been impacted, and there has also been a noticeable number of infected devices in the UK, Australia and the US.
The researchers have advised mobile users to uninstall any apps they suspect may be malicious by following these steps:
- Go to Settings Menu and click on Apps or Application Manager.
- Scroll to the suspected app and uninstall it.