A new Android virus has infected 25 million devices and modified legitimate apps with a malicious ad module, according to a report from the security company Check Point.
It is believed that the malware comes from a Chinese Internet company that helps Chinese Android developers to publish and promote their applications in foreign markets. The malware has been disguised as Google-related update programs and "sales modules", masking its own application icons and automatically replacing legitimate applications already installed by its own version, unblinded of the user. This led the researchers to name the malware "Agent Smith" because his behavior is similar to that of the character of the film. The matrix of the same name.
The malware first appeared in the popular third-party 9Apps app store and targeted mostly Indian, Pakistani and Bangladeshi users. However, of the 25 million devices affected, 303,000 infections were detected in the United States and 137,000 in the United Kingdom.
The modified applications include WhatsApp, Opera Mini, Flipkart, as well as Lenovo and Swiftkey software. The malware detected the installed applications, corrected them with a malicious ad module, and reinstalled them on the device. For the user, it just seems that the application is updated as expected. Once the update is complete, the malware owner can take advantage of recently added ads.
Check Point thinks the same malicious program could also be used for more malicious purposes, such as the theft of credit cards, according to the company's report, "because of [the malware’s] Being able to hide its launcher icon and mimic all existing popular applications on a device, there is an endless range of possibilities for this type of malware to harm the user's device. "
The security company said it submitted data to Google and law enforcement authorities. Since the publication of this publication, there are no malicious apps left on the Play Store. Nevertheless, the malware managed to survive as long as, despite the initial vulnerability, Agent Smith was based on an update of the fixes on Android many years ago, the developers have not sufficiently updated their applications.
Malware like this one "requires the attention and action of system developers, device manufacturers, application developers, and users, so that vulnerability fixes are fixed, distributed, adopted, and installed on time. "says Check Point.
This article was originally published on PCMag