More than 25 million smartphones infected with new malware hidden in WhatsApp

An investigation conducted by system audit specialists from the security firm Check Point has revealed the existence of new smartphone malware; dubbed “Agent Smith”, this malware has already infected more than 25 million users worldwide, mainly in India, where around 15 million cases of infection have been detected.

This malware hides from the user by disguising itself as an app developed by Google; Agent Smith then begins removing the apps installed on the device and replacing them with fake versions by exploiting some known vulnerabilities in the Android operating system.

According to system audit experts, this malware variant can also be used to display advertisements for fraudulent businesses, but because of its advanced capabilities it could be used for purposes more harmful to the user. However, experts have not yet confirmed whether Agent Smith has been used for such purposes.

In recent years, multiple similar malware variants have been detected infecting Android systems, such as the popular CopyCat, Gooligan and HummingBad. These three malicious apps infected thousands of devices to generate revenue close to $1M USD with fake advertising.

Check Point’s system audit experts claim that Agent Smith was found in 9Apps, a popular third-party app store, and that it focuses primarily on Russian, Hindi, Indonesian and Arabic speakers. Although most of the victims are in these countries, mainly in India, some cases have been identified in the U.S., Australia and the United Kingdom.

As a precautionary measure, the International Institute of Cyber Security (IICS) advises Android users not to install apps available outside the official Google Play Store platform, as apps developed by third parties commonly lack the security measures required to block tools like those in Agent Smith's code.

Finally, Check Point’s research revealed that, over the past month, the most commonly used malware variants detected were Lotoor, Triada and Ztorg. The main function of Lotoor is to display ads on the infected device; Triada is a modular backdoor for Android, while Ztorg is malware that escalates privileges on the operating system and can also install other applications on the device.
