Do you see an ad popping up while opening WhatsApp? If yes, then you are hit by a new malware called 'Agent Smith'. The newly discovered Android malware has already infected 2.5 crore devices with most of the victims located in India where as many as 1.5 crore devices are infected. Even in the US, nearly 3 lakh devices are said to be infected, making it one of the worst attacks on Android operating system in the recent memory.
The malware has been nicknamed, 'Agent Smith', owing to the methods it uses to attack an Android device without getting noticed. The malware is known to only display advertisements and for now, it does not steal any data. According to the Israeli security firm, Check Point, the malware is "disguised as a Google-related application, and exploits known Android vulnerabilities and automatically replaces installed apps with malicious versions without users' knowledge or interaction."
The malware uses its broad access to the devices' resources to show fraudulent ads for financial gain, but could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping. This activity resembles previous malware campaigns such as Gooligan, Hummingbad and CopyCat, Check Point added.
In general, the malware gets injected when a user downloads an app from a third party app store. The app installs the malware, masked as a legitimate Google updating tool. The installed app does not show off an icon on the screen. The legitimate apps like WhatsApp are then altered and replaced with an malicious update which then serve ads.
Malware has spread as several users give official Google Ply Store a miss and download apps from third party app stores like 9apps.com . It is targeted at mostly Hindi, Arabic, Russian, Indonesian speaking users. "So far, the primary victims are based in India though other Asian countries such as Pakistan and Bangladesh have also been impacted. There has also been a noticeable number of infected devices in the United Kingdom, Australia and the United States," said Check Point.
The malware is capable of hiding its icon from the phone's launcher and can pose as any popular app like WhatsApp to serve advertisements. This is just one of the possible ways the malware can use the affected device to send money back to the hackers, as per a typical pay-per-click system.
Edited By: Udit Verma