Researchers have discovered new malware affecting Android smartphones that replaces portions of apps with its own code. The malware has reportedly affected 25 million Android devices globally, of which 15 million are in India alone. Named ‘Agent Smith’, the malware was discovered by researchers at security firm Check Point, who found that it exploits known weaknesses in the Android operating system to replace legitimate installed apps on the device with malicious versions without requiring any user intervention.

Notably, the malware doesn’t steal data from you. Instead, it forces the hacked apps to display more ads, or takes credit for the ads that the apps already display, so that the malware’s operator can profit off the fraudulent views. According to Check Point, the malware looks for known apps on a smartphone, such as WhatsApp, Opera Mini, or Flipkart, then replaces portions of their code and prevents them from being updated.
[Figure: The infection distribution by smartphone brands in India. Source: Check Point]

While 15 million smartphones were infected by Agent Smith in India, the US was also hit, with 300,000 infected devices. Reportedly, Agent Smith also made its way to the Google Play Store, where 11 apps on the platform included code related to a simpler version of the malware. Google, however, has now removed all of the discovered malicious apps. Interestingly, the vulnerability that let Agent Smith take over apps was actually patched in Android several years ago; however, many developers have not updated their apps to take advantage of the patch.