25 Million Android Phones Infected With Fake Apps

‘Agent Smith’ malware replaces legitimate installed apps (such as WhatsApp) with malicious versions

Security researchers at Check Point Research have warned about a new strain of malware impacting millions of Android smartphones.

The malware, dubbed ‘Agent Smith’ (from the Matrix trilogy of movies), has according to the Check Point blog, “quietly infected around 25 million devices, while the user remains completely unaware.”

And although the malware doesn’t steal data, it seems the malware is actually pretty nasty, as it replaces legitimate installed apps (such as WhatsApp) with malicious versions.

Android malware

“Disguised as Google related app, the core part of malware exploits various known Android vulnerabilities and automatically replaces installed apps on the device with malicious versions without the user’s interaction,” warned Check Point.

Essentially, ‘Agent Smith’ uses its “broad access to the device’s resources to show fraudulent ads for financial gain.”

Check Point said the malware is currently mostly targetting Android devices in India, although other Asian countries such as Pakistan and Bangladesh are also affected.

So although ‘Agent Smith’ is not involved in the theft of user’s data, it is being used for financial gain through the use of malicious advertisements.

“However, it could easily be used for far more intrusive and harmful purposes such as banking credential theft,” warned Check Point. “Indeed, due to its ability to hide it’s icon from the launcher and impersonates any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device.”

Check Point said that it was warned Google and law enforcement units to facilitate further investigation. It said that it has worked closely with Google and at the time of publishing, no malicious apps remain on the Play Store.

Malicious apps are often found on the Google Play Store. In February for example Bitdefender found that malware strain (called Triout) with “massive” surveillance capabilities had been repackaged to run invisibly alongside a popular privacy tool.

It recorded phone calls, logged incoming text messages, recorded videos, took pictures and collected the device’s GPS coordinates.

Mobile wars

One security expert has warned that smartphone users have to be especially careful these days of cyber threats.

“The primary battlefield in the hacking wars has shifted to the mobile device,” said John Gunn, CMO at OneSpan. “Criminal hacking organisations are relentless in creating novel ways to use social engineering and compromised apps as the first stage in their attacks.”

“Intelligent firms with a strong security posture can still readily defend their transactions with a combination of application shielding, continuous monitoring of user devices, and biometric authentication with risk analysis,” Gunn added.

Another expert picked up upon the ability of the ‘Agent Smith’ malware to replace installed apps like WhatsApp with fake versions which serve up malicious ads.

“As the news breaks that 25 million Android phones have been infected with malware that replaces installed apps like WhatsApp with fake versions that serve up malicious adverts, it highlights the threat of ‘malvertising’ which has been steadily growing over the last few years,” said Dr Darren Williams, founder and CEO of BlackFog.

“It can be extremely difficult for the average consumer to identify a malicious advert, because they often appear via legitimate and reputable advertising networks – or apps, like has happened here,” said Dr Williams.

“Consumers need to be more vigilant about the apps which they are downloading onto their phones – many mobile applications collect information about what users are doing, and what many users don’t realise is that they’re the subject of unauthorised data collection each time they go online,” he added.

“They are at the mercy of malicious actors,” he said. “That’s why consumers need to protect themselves to stop falling victims to these sophisticated attacks and prevent any personal data from leaving their devices.”

Do you know all about security? Try our quiz!