Written by: Vikas Jha
Protect your Android device from “Agent Smith Malware”
In a recent cyber-attack, more than 25 million Android phones have been infected with malware dubbed “Agent Smith”. India is the most affected, with 15 million so far, but it is not the only country to have seen the attack. Other major countries have been affected, including the US, UK, Hungary, Pakistan and Bangladesh.
A letter written on July 19 by the IT department cited the figures published by Check Point, a private cyber security company. The company found the malware replacing genuine apps with malicious versions. The malware reached phones through apps downloaded from Google Play, which then exploited vulnerabilities without the user’s knowledge or interaction.
Although Google has announced that it has cleaned its app store of the malware, Agent Smith is infiltrating mobile phones through untrustworthy third-party app stores, for instance 9Apps (a third-party Android app store backed by UCWeb). The malware replaces existing applications such as WhatsApp, Share IT, MX Player, JIOTV, Flipkart, Truecaller and Dailyhunt.
The majority of infections are on devices running Android 5 and 6. The malware infects the device through unwanted advertisements and pop-ups for mobile anti-virus apps, adult games, selfie-camera enhancers and the like. It collects the user’s private information and banking credentials.
Google has identified and removed 16 apps from the Play Store, but it cannot remove these apps from a person’s Android phone. Android users are advised to download apps from trusted app stores, such as Google Play, rather than from ‘Unknown Sources’. According to many cyber experts, users commonly download adult game apps, modified versions of apps and cheat-code files from unknown sources, which may be the root cause of private information leaking.
Experts advise against installing applications offered as .apk files, or in any other disguised format, in a message or link, and recommend keeping the operating system at the latest released patch level. Users should also uninstall apps that are no longer working.
Agent Smith is “modular malware” that exploits a series of Android vulnerabilities to modify legitimate installed apps. Modular malware is an advanced threat that attacks a system in distinct stages. Rather than attacking through the front door, modular malware uses a stealthy approach. Rather than stealing data, the malicious app shows the user a huge number of adverts, or steals credit from the device to pay for adverts already served.
The malware got its “Agent Smith” nickname from its similarity to the notorious Matrix character, who is regarded as a virus. The Check Point research team reasons that the methods the malware uses to spread are comparable to Agent Smith’s methods in the film series.
“Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like ‘Agent Smith.’” – Check Point
The next most affected country is Bangladesh, with approximately 2.5 million devices infected. In addition, there were more than 300,000 Agent Smith attacks in the US and approximately 137,000 in the UK.
According to Check Point Research, the Agent Smith malware originates from a Chinese company that helps Chinese Android developers publish and promote apps in overseas markets.
The malware first appeared on the third-party app store “9Apps”. The store targets Indian, Arabic and Indonesian users, which is consistent with the large number of malware attacks in those regions. It is a good reason to avoid downloading Android apps from third-party app sources.
Agent Smith malware operates in three stages:
- A dropper app entices the target to install the malware willingly. The first dropper contains encoded malicious files and typically takes the form of “hardly operational photo service, games, or adult apps”.
- The dropper decodes and installs the malicious files. The malware uses Google Updater, Google Update for U, or “com.google.vending” to disguise its activity.
- The core malware generates a list of installed apps. If an app matches its “prey list,” it patches the target app with a malicious advertising module, replacing the genuine app as if it were a normal app update.
The victim list includes WhatsApp, Opera, SwiftKey, Flipkart, and Truecaller, among others.
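A device triage check based on the stages and victim list above, as an added example that is not from the article or from Check Point: it parses `adb shell pm list packages -i` output, flags the disguise package name the article quotes, and flags victim-list apps that were not installed by the Play Store. The package IDs for the victim-list apps, the third-party installer name and the sample listing are assumptions constructed for illustration.

```python
import re

# Disguise package name quoted in the article (the genuine Play Store is com.android.vending).
DISGUISE_PACKAGES = {"com.google.vending"}
# Package IDs assumed here for the apps on the article's victim list.
WATCHED_APPS = {
    "com.whatsapp": "WhatsApp",
    "com.opera.browser": "Opera",
    "com.touchtype.swiftkey": "SwiftKey",
    "com.flipkart.android": "Flipkart",
    "com.truecaller": "Truecaller",
}
PLAY_STORE = "com.android.vending"
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)\s*$")


def parse_packages(listing):
    """Parse `adb shell pm list packages -i` output into {package: installer or None}."""
    packages = {}
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a package record
        installer = m.group("installer")
        packages[m.group("pkg")] = None if installer == "null" else installer
    return packages


def triage(listing):
    """Return sorted (package, reason) findings for manual review."""
    findings = []
    for pkg, installer in parse_packages(listing).items():
        if pkg in DISGUISE_PACKAGES:
            findings.append((pkg, "package name imitates the Play Store"))
        elif pkg in WATCHED_APPS and installer != PLAY_STORE:
            source = installer or "unknown source"
            findings.append((pkg, f"{WATCHED_APPS[pkg]} installed from {source}"))
    return sorted(findings)


# Constructed sample listing, not captured from a real device.
SAMPLE = """\
package:com.whatsapp  installer=com.android.vending
package:com.truecaller  installer=null
package:com.flipkart.android  installer=com.example.thirdpartystore
package:com.google.vending  installer=null
package:com.android.chrome  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, reason in triage(SAMPLE):
        print(f"REVIEW {pkg}: {reason}")
```

A finding is a prompt for manual review rather than proof of infection, since preinstalled apps can also report no installer.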
It is quite easy to spot Agent Smith. If your regularly used apps suddenly start showing an overwhelming number of adverts, it is a sure sign that something is wrong. The ads the malware serves are difficult or impossible to close, which is another sign. So, beware!