Android is the target of a new malware named Agent Smith, report Checkpoint’s cybersecurity experts. In order to massively broadcast advertisements on your smartphone, malware installs fake apps instead of yours by taking advantage of a serious security hole. Since 2016, 25 million mobile phones have been infected by Agent Smith.
Agent Smith is a dangerous malware that can replace applications installed on your smartphone with fake applications, warn Checkpoint researchers. To achieve this, the malware exploits a security breach called “Janus”. The breach allows an attacker to collect the list of Android applications installed on a smartphone and remotely download dummy versions (full of fraudulent and intrusive ads) to replace them. Once it’s done, hackers just have to collect advertising revenue from the ads.
The Android Agent Smith malware floods smartphones with ads: here are the infected apps
According to Checkpoint, Google has corrected the Janus flaw by adding code in an Android 7 Nougat security patch in 2017. Unfortunately, all smartphones confined to Android 6 Marshmallow, Android 5 Lollipop and Android 4 Kit Kit are still vulnerable. Slightly more than 20% of Android users are still the target of Agent Smith, says Google Android distribution table .
Unsurprisingly, the malware is spreading through bribe-filled APKs on alternative stores like 9Apps, or seemingly legitimate apps on the Google Play Store. During their investigation, the researchers discovered 11 Play Store apps that were infected by Agent Smith . Warned by Checkpoint, Google has promptly banned apps from its store. Here is the complete list:
Given his code, Agent Smith is capable of much worse than spreading simple ads. According to the Checkpoint report, the malware could eventually take advantage of it to collect the passwords of its victims on social networks and banking applications. “Tomorrow, the malware could steal sensitive information, such as private messages or bank references,” says Checkpoint. Among the fake applications most used by malware, there is notably a fraudulent version of WhatsApp, whose APK is offered for sale on the dark web.
The malware has mostly wreaked havoc in countries such as India, Pakistan, Russia, the US and Bangladesh. “Users should only download applications from trusted application stores to mitigate the risk of infection because third-party application stores often do not have the security features required to block applications loaded with a particular application. adware” said S.Jonathan, head of research at Checkpoint. To detect the presence of malware, we invite you to install one of these free Android antiviruses.