The latest report estimates that 25 million Android smartphones are infected with malware named Agent Smith. This malware is known to replace applications installed on Android devices with malicious versions that display advertisements.
Check Point, the Israeli security company that discovered the malware, found that Agent Smith exploits various weaknesses in Android.
The malware then replaces applications installed on the user's device without being noticed. So, how do you avoid becoming a victim of Agent Smith? One way is to download applications only from an official or trusted store.
The reason is that Agent Smith mostly comes from downloads in a third-party application store called 9Apps. Keep in mind that such stores often lack security features to block applications containing adware.
Users whose Android device has been infected with Agent Smith, or who want to know whether their device is a victim of this malware, can try the following steps.
- Open the Settings Menu
- Click Apps or Application Manager
- Look for suspicious applications and delete them.
For the record, to find out whether an application has been affected by Agent Smith, users need to open it first and look for irregularities.
For example, if a user's WhatsApp displays advertisements, we can be sure the application is dangerous and needs to be deleted.
There are also several applications that can be deleted as soon as they are found, such as Google Updater, Google Installer for U, Google Powers and Google Installer.
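The manual check above can be supplemented from a computer with adb. The following is an added example, not part of the original article or of Check Point's report: it lists user-installed packages whose recorded installer is not Google Play, which is where the article says most infections do not come from. The trusted-installer list and the sample package names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag user-installed packages that did not come from Google Play.
# Expected input is the output of:  adb shell pm list packages -3 -i
#   package:<name>  installer=<installer package, or null when sideloaded>

# Installers treated as trusted (assumption: Google Play only; extend as needed).
TRUSTED_INSTALLERS="com.android.vending"

# Reads pm output on stdin and prints "<package> <installer>" for every
# package whose installer is not listed in TRUSTED_INSTALLERS.
flag_untrusted() {
    tr -d '\r' | while read -r pkg inst _; do
        case "$pkg" in package:*) ;; *) continue ;; esac
        name=${pkg#package:}
        src=${inst#installer=}
        if [ -z "$src" ]; then src=null; fi
        trusted=no
        for t in $TRUSTED_INSTALLERS; do
            if [ "$src" = "$t" ]; then trusted=yes; fi
        done
        if [ "$trusted" = no ]; then printf '%s %s\n' "$name" "$src"; fi
    done
}

# Constructed sample output; the com.example.* names are placeholders.
sample_output() {
    cat <<'EOF'
package:com.whatsapp  installer=com.android.vending
package:com.example.photoeditor  installer=null
package:com.example.theme  installer=com.example.thirdpartystore
package:com.opera.browser  installer=com.android.vending
EOF
}

# Live use:  adb shell pm list packages -3 -i | flag_untrusted
if [ "${1:-}" = "--demo" ]; then sample_output | flag_untrusted; fi
```

A flagged package is only a candidate for the manual review described above: open it, look for irregularities, and delete it if it behaves suspiciously.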
25 Million Androids Infected with Malware Agent Smith
According to Forbes on Friday (07/12/2019), most victims of the Agent Smith malware are in India, where at least 15 million Android devices are infected.
Meanwhile, in the United States more than 300 thousand Android devices are infected, and 137 thousand Android devices are affected in the UK.
The large number of infected Android devices makes Agent Smith one of the most severe attacks on Android.
For your information, this malware spreads through 9apps.com, a third-party application store owned by Alibaba.
Usually, attacks from non-Google Play applications target Android users in developing countries.
Seeing that this attack mostly paralyzes Android in the US and UK, Check Point says the hackers who spread Agent Smith have been quite successful in carrying out their actions.
Not only can the hackers replace applications with versions full of advertisements, they can also do worse.
"Because of its ability to hide icons from launchers and masquerading as a popular application on the device, it is possible that this malware can damage the user's device," said the researchers at Counter Point.
The researchers said they had warned Google and a number of law enforcement agencies. However, Google has not yet commented on the interview request.
How do attacks work?
Usually, the attack starts when users download applications from 9apps.com, for example photo editing applications, games, or even theme applications.
One of them is the application Kiss Game: Touch Her Heart, which is advertised with male cartoon characters kissing women.
This application secretly installs the malware, disguising it as a legitimate Google update tool. Because no icon appears for the application on the screen, the malware is even better hidden.
Legitimate applications, such as WhatsApp, the Opera browser and others, are then replaced with malicious application updates so that they display ads.
The researchers say the ads displayed are not dangerous. However, as part of the advertising fraud, each click on an injected ad sends money back to the hacker.
There are some indications that the attacker is now moving to the Google Play app store.
Check Point researchers found that 11 applications on the Google Store that contained hacking software were inactive, and Google had dropped the applications.
Check Point suspects that Chinese companies based in Guangzhou developed the malware in question. Meanwhile, its promotion is assisted by several other parties.
Unfortunately, Alibaba itself still has not given any response regarding the malware that appears on its 9Apps store.