A new Android malware has been discovered to have affected over 15 million smartphones in India alone and 25 million devices worldwide. The malware, labelled ‘Agent Smith’ replaces portions of legit Android apps with malicious codes of its own without the user’s knowledge.
Security researchers from Check Point spotted the vulnerability and named the malware “Agent Smith” for the way it attacks a device and avoids detection. It’s reported that while the malware doesn’t steal data from users, it forces more ads to show on a user’s phone for the operator’s profit.
The malware first checks if a phone has installed apps that are compiled in its “hit list”. These apps can be anything that was directly installed from the Google Play Store as well. The malware then installs the malicious codes onto these apps without the knowledge of the user.
The report also reveals that if the malware witnesses an app from its list added to a phone, it will extract the app’s APK, modify it and then install the infected duplicate version to replace the original app. The malware also utilises another exploit to bypass Android’s sector system which checks for an app’s background behaviour.
When infected, Agent Smith will be able to serve ads on users’ smartphones with phishing and scam screen which are displayed for the attacker’s financial gain.
Check Point indicates that the malware has been able to spread through third-party app stores like 9Apps which is popular in India. Besides India, Agent Smith has also affected users in the US, Australia, UK, Bangladesh and Pakistan. The malware mainly targets Hindi, Arabic, Indonesian and Russian speakers.