New Delhi, Jul 11, 2019: A new smartphone malware called “Agent Smith” has been found that has infected 25 million devices worldwide, including 15 million in India, Check Point Research claims. The malware disguises itself as a Google-related application and then replaces installed applications with malicious versions of them using known Android vulnerabilities without users’ knowledge. Separately, the cyber threat intelligence firm has released the top three malware that were active in June, including Lotoor, which is mainly used to display ads, but is also able to get access to sensitive user data, NDTV reported.
As per a press note shared by Check Point Research, the Agent Smith malware uses its access to Android devices to show fake ads for financial gain, but given its access, it can also be used for more nefarious purposes. However, it is unclear if the malware has been doing so.
"Disguised as a Google-related application, the malware exploits known Android vulnerabilities and automatically replaces installed apps with malicious versions without users’ knowledge or interaction," the note adds.
Check Point Research notes that the activity of Agent Smith closely resembles how other malware like CopyCat, Gooligan, and HummingBad have operated in recent years. All three malware campaigns have used infected devices to generate fake ad revenue to the tune of millions of dollars.
According to the research firm, Agent Smith originated on the popular third-party app store 9Apps and has targeted mainly Arabic, Hindi, Indonesian, and Russian speakers. The majority of the malware’s victims are based in India and neighbouring countries like Bangladesh and Pakistan. Check Point Research has also found infected devices in countries like Australia, UK, and USA.
Check Point Research says Android users should only use trusted app stores to download apps as “third party app stores often lack the security measures required to block adware loaded apps.”
In a separate press note, Check Point Research says Lotoor, Triada, and Ztorg topped the mobile malware list in June. While Lotoor’s main function is displaying ads, Triada is a modular backdoor for Android, which grants superuser privileges to downloaded malware. Ztorg, on the other hand, obtains escalated privileges on Android devices and installs itself in the system directory. The malware is also able to install any other application on the device.