Operating System

15 Million Android Devices in India Infected by Newly Discovered Malware, Check Point Research Claims

Posted on in Operating System
15 Million Android Devices in India Infected by Newly Discovered Malware, Check Point Research Claims

Agent Smith replaces existing Android apps with malicious versions to show fake ads

Highlights
  • The malware was distributed via a popular third-party app store
  • It is similar in activity to CopyCat, Gooligan, HummingBad malwares
  • Agent Smith mainly targeted Arabic, Hindi, Indonesian speakers

A new smartphone malware called “Agent Smith” has been found that has infected 25 million devices worldwide, including 15 million in India, Check Point Research claims. The malware disguises itself as a Google-related application and then replaces installed applications with malicious versions of them using known Android vulnerabilities without users’ knowledge. Separately, the cyber threat intelligence firm has released the top three malware that were active in June, including Lotoor, which is mainly used to display ads, but is also able to get access to sensitive user data.

As per a press note shared by Check Point Research, the Agent Smith malware uses its access to Android devices to show fake ads for financial gain, but given its access, it can also be used for more nefarious purposes. However, it is unclear if the malware has been doing so.

Check Point Research notes that the activity of Agent Smith resembles closely to how other malware like CopyCat, Gooligan, and HummingBad have operated in the recent years. All three malware campaigns have used infected devices to generate fake ad revenue to the tune of millions of dollars.

“Disguised as a Google-related application, the malware exploits known Android vulnerabilities and automatically replaces installed apps with malicious versions without users’ knowledge or interaction,” the note adds.

According to the research firm, Agent Smith originated on popular third-party app store 9Apps and has targeted mainly Arabic, Hindi, Indonesian, and Russian speakers. Majority of the malware’s victims are based in India and neighbouring countries like Bangladesh and Pakistan. Check Point Research has also found infected devices in countries like Australia, UK, and USA.

 

Agent Smith infection world heat mapPhoto Credit: Check Point

Some of the apps that have been used to infect devices via 9Apps store are Color Phone Flash – Call Screen Theme, Photo Projector, Rabbit Temple, Kiss Game : Touch Her Heart, and Girl Cloth XRay Scan Simulator.

This is not all, after the initial attack vector via 9Apps, the creators of Agent Smith moved to Google Play Store and were able to push at least 11 malware laden app in the store. The apps included Blockman Go: Free Realms & Mini Games by Blockman Go Studio, Cooking Witch by Ghost Rabbit, Ludo Master – New Ludo Game 2019 For Free by Hippo Lab, Angry Virus by A-Little Game, Bio Blast – Infinity Battle: Shoot virus! by Taplegend, Shooting Jet by Gaming Hippo, Gun Hero: Gunman Game for Free by Simplefreegames, Clash of Virus by BrainyCoolGuy, Star Range by A-little Game, Crazy Juicer – Hot Knife Hit Game & Juice Blast by Mint Games Global, and Sky Warriors: General Attack.