Home / Technology / 25 million Android phones infected with malware that "hide in WhatsApp"

25 million Android phones infected with malware that "hide in WhatsApp"




<div _ngcontent-c14 = "" innerhtml = "

Up to 25 million Android phones have been affected by malware that replace installed applications such as WhatsApp with diabolical versions that serve as advertisements, cybersecurity researchers warned.

Nicknamed Agent Smith, the malware abuses the known weaknesses of the Android operating system, making the update to the latest corrected version of Google's operating system a priority, said the Israeli security company Check Point.

Most of the victims are based in India, where 15 million people have been infected. But there are more than 300,000 in the United States, with 137,000 others in the UK, making it one of the most serious threats that have recently hit Google's operating system. .

The malware has spread via a third-party application store, 9apps.com, which is owned by the Chinese company Alibaba, rather than the official Google Play store. Typically, such non-Google Play attacks focus on developing countries, making the success of hackers in the United States and the United Kingdom even more remarkable, Check Point said.

While the replaced applications will broadcast malicious ads, anyone hiding behind these hacks could do worse, Check Point warned in a blog. "Because of its ability to hide its launcher icon and to mimic all existing popular applications on a device, there are endless possibilities for this type of malicious program to harm a user's device. ", wrote the researchers.

They said they warned Google and the relevant security forces. Google had not provided any comment at the time of publication.

The attack usually works as follows: users download an application from the store – usually a photo utility, games or apps for adults (Kiss Game: Touch Her Heart is illustrated with a cartoon of a man kissing a lightly dressed woman). This application then installs malicious software in silent mode, disguised as a legitimate Google update tool. No icon appears for that on the screen, which makes it even more discreet. Legitimate applications – from WhatsApp to Opera browser, etc. – are then replaced by a malicious update to serve bad ads. The researchers said the ads themselves were not malicious in itself. But in a typical advertising fraud scheme, each click on an injected advertisement returns money to hackers, as in a typical pay-per-click system.

It seems that hackers are considering switching to Google Play. Check Point researchers said they found on the Google store 11 apps containing a "dormant" hacker software item. Google has quickly removed these apps.

Check Point thinks that an unnamed Chinese company based in Guangzhou is creating malware, while it operates a business that helps Chinese Android developers promote their applications on foreign platforms.

Alibaba had not responded to a request for comment on the proliferation of malware on the 9apps platform at the time of publication.

What can you do?

So what can anxious owners of Android? Aviran Hazum, Head of Analysis and Cyber ​​Response for Check Point, said that if users encountered advertisements displayed from time to time, such as when opening WhatsApp, they should take action . Of course, the legitimate WhatsApp does not broadcast ads.

First, go to the Android settings, then in the apps and notifications section. Then go to the list of application information and look for suspicious applications with names such as Google Updater, Google Installer for U, Google Powers and Google Installer. Click on the suspicious application and choose to uninstall it.

Otherwise, staying away from unofficial Android application shops might be helpful, given Google's additional protections designed to prevent malware from entering the site. Not that Google's efforts are still paying off. Earlier this week, a Warning came out about an Android malware spreading on Google Play that consisted of a screen recording of users' banking sessions.

">

Up to 25 million Android phones have been affected by malware that replace installed applications such as WhatsApp with diabolical versions that serve as advertisements, cybersecurity researchers warned.

Nicknamed Agent Smith, the malware abuses the known weaknesses of the Android operating system, making the update to the latest corrected version of Google's operating system a priority, said the Israeli security company Check Point.

Most of the victims are based in India, where 15 million people have been infected. But there are more than 300,000 in the United States, with 137,000 others in the UK, making it one of the most serious threats that have recently hit Google's operating system. .

The malware has spread through a third-party application store, 9apps.com, owned by the Chinese company Alibaba, and not the official Google Play store. Typically, such non-Google Play attacks focus on developing countries, making the success of hackers in the United States and the United Kingdom even more remarkable, Check Point said.

While the replaced applications will broadcast malicious ads, anyone hiding behind these hacks could do worse, Check Point warned in a blog. "Because of its ability to hide its launcher icon and to mimic all existing popular applications on a device, there are endless possibilities for this type of malicious program to harm a user's device. ", wrote the researchers.

They said they warned Google and the relevant security forces. Google had not provided any comment at the time of publication.

The attack usually works as follows: users download an application from the store – usually a photo utility, games or apps for adults (Kiss Game: Touch Her Heart is illustrated with a cartoon of a man kissing a lightly dressed woman). This application then installs malicious software in silent mode, disguised as a legitimate Google update tool. No icon appears for that on the screen, which makes it even more discreet. Legitimate applications – from WhatsApp to Opera browser, etc. – are then replaced by a malicious update to serve bad ads. The researchers said the ads themselves were not malicious in itself. But in a typical advertising fraud scheme, each click on an injected advertisement returns money to hackers, as in a typical pay-per-click system.

It seems that hackers are considering switching to Google Play. Check Point researchers said they found on the Google store 11 apps containing a "dormant" hacker software item. Google has quickly removed these apps.

Check Point thinks that an unnamed Chinese company based in Guangzhou is creating malware, while it operates a business that helps Chinese Android developers promote their applications on foreign platforms.

Alibaba had not responded to a request for comment on the proliferation of malware on the 9apps platform at the time of publication.

What can you do?

So what can anxious owners of Android? Aviran Hazum, Head of Analysis and Cyber ​​Response for Check Point, said that if users encountered advertisements displayed from time to time, such as when opening WhatsApp, they should take action . Of course, the legitimate WhatsApp does not broadcast ads.

First, go to the Android settings, then in the apps and notifications section. Then go to the list of application information and look for suspicious applications with names such as Google Updater, Google Installer for U, Google Powers and Google Installer. Click on the suspicious application and choose to uninstall it.

Otherwise, staying away from unofficial Android application shops might be helpful, given Google's additional protections designed to prevent malware from entering the site. Not that Google's efforts are still paying off. Earlier this week, a warning was issued about Android malware spreading on Google Play that consisted of a screen recording of users' banking sessions.


Source link