Agent Smith malware replaces legit Android apps, over 1.5 crore devices affected in India

Must Read

President Ram Nath Kovind appoints new governor for Kerala, Telangana, Himachal Pradesh and Maharashtra

President Ram Nath Kovind appointed new governors for Maharashtra, Kerala, Telangana, Rajasthan, and Himachal Pradesh on Sunday. https://twitter.com/ANI/status/1168037199767457792 Former Union Minister Kalraj...

NRC list for Assam released; Fear looms as 19 lakh people face exclusion

NRC (National Register of Citizens) for Assam has been published at 10 am today. The final list excludes over...

Lateral Entry Era Begins as Union govt. appoints 9 professionals to Joint Secretary posts

The government has appointed its first batch of private professionals to the post of Joint Secretary in various ministries....
Saurabh Joshi
Hey Guys!!! I am a regular Content Writer here and I bring to you the latest and the hottest Tech related news and blogs. I hope you enjoy reading my content and are learning something new everyday. Thanks and have a nice day!!!

Researchers seemed to have discovered a new malware that is affecting Android smartphones by replacing portions of apps with its own code. The malware has reportedly affected over 25 million Android devices globally, with around 15 million devices affected in India alone.

Dubbed as Agent Smith, the malware has been found exploiting known weaknesses in the Android operating system to replace legitimate installed apps on the device with malicious versions without requiring users’ intervention.

Check Point, who discovered the malware earlier this year, says it tracked down its operators to a Chinese tech company located in the city of Guangzhou. The company researchers further said, it operates a front-end legitimate business that helps Chinese Android app developers publish and promote their apps on overseas platforms.

However, Check Point also added that it found has ads for job roles that were consistent with operating the Agent Smith malware infrastructure and had no connection to the company’s real business.

The job listings can be traced back to 2018 when Check Point says the first versions of the malware also started appearing. Researchers didn’t share any other details about the company, citing an ongoing law enforcement investigation.

How Agent Smith works?

It leverages a three-stage infection chain in order to build a botnet of devices that are controlled from a command-and-control (C&C) server to issue malicious commands.

  • The entry point is a dropper app, which the victim installs on an Android device voluntarily. These are usually repackaged versions of legitimate apps like Temple Run with additional code.
  • The dropper app automatically installs a malware app — essentially an Android package (.APK) file — whose icon remains hidden from the home screen launcher. They also escape detection by disguising themselves as Google-related updaters.
  • The core malware APK extracts the list of installed apps on the device, and scans it against a “prey list” of apps — either hard-coded or issued from the C&C server. If it finds a match, it extracts the base APK file of the target app, injects the APK with malicious ad modules, and installs the new ‘copycat’ version of the app as if it were a regular app update.

“Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like ‘Agent Smith,” said the report. In addition, users should only be downloading apps from trusted app stores to mitigate the risk of infection as third party app stores often lack the security measures required to block adware loaded apps.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -

Latest News

PM Modi urges diaspora to help boost tourism

Houston, Sep 23 (IANS) Prime Minister Narendra Modi urged Indian Americans to help boost tourism in India by bringing...

‘Majama che, sob khub bhalo’: PM Modi says at ‘Howdy Modi’

Houston, Sep 23 (IANS) Prime Minister Narendra Modi, addressing a crowd of 50,000 cheering Indian Americans, said the answer to the question 'Howdy Modi'...

PM Modi leaves for New York after Howdy Modi event

Houston, Sep 23 (IANS) After the hugely successful 'Howdy Modi' event in Houston that saw US President Donald Trump share the stage with him,...

Will sit down with President Trump for positive deals: PM Modi

Houston, Sep 23 (IANS) Prime Minister Narendra Modi pitched India as an attractive investment destination and said that with the "economic miracle" being wrought...

No plans to meet with Rouhani at UN: Trump

Washington, Sep 23 (IANS) President Donald Trump said Sunday that he had no plans to meet with Iranian President Hassan Rouhani during the UN...
- Advertisement -

More Articles Like This