Researchers from cyber-security firm Check Point have detailed a new strain of mobile malware that they claim has infected around 25 million devices, largely in India, Pakistan and Bangladesh. Named ‘Agent Smith’ for its stealthy approach, the malware apparently disguises itself as a Google-related app and “automatically replace(s) genuine apps on the device with malicious versions without the user’s interaction”.
As per the report, the malware uses its broad access to the device’s resources to show fraudulent ads in an approach that’s eerily similar to earlier campaigns, such as Gooligan, HummingBad and CopyCat. However, the actors behind Agent Smith are reportedly exploiting new Android vulnerabilities, such as Janus, Bundle and Man-in-the-Disk, “to achieve a 3-stage infection chain, in order to build a botnet of controlled devices to earn profit for the perpetrator”.
According to Check Point, “Agent Smith is possibly the first campaign seen that integrates and weaponized all these loopholes”. While it is currently only being used to show malicious advertisements, researchers fear that it could easily be used for “far more intrusive and harmful purposes, such as banking credential theft” because of its ability to hide its icon from the launcher and impersonate any number of popular existing apps on a device.
Thankfully, though, Google has reportedly pulled down all malicious apps infected with Agent Smith, and no known apps infused with the malware are available for download on the Play Store anymore. Check Point also said it is working closely with Google and law enforcement agencies to help investigate the matter further.