Android users are being warned to watch out for a new type of malware that has already infected over 25 million smartphone devices worldwide.
Dubbed ‘Agent Smith’ by researchers at Check Point Technologies, the malware disguises itself as an official Google-related app to get installed on the user’s device.
By exploiting vulnerabilities within the Android operating system, the malware automatically replaces installed apps, such as WhatsApp, with a malicious version without the user even noticing. The new version then displays fraudulent ads to generate income for the crooks behind the scam.
Image: Agent Smith Attack Method (Source: Check Point)
At this stage, the malware appears to be more annoying than damaging; however, researchers believe it could potentially be used for much more dangerous purposes such as stealing sensitive bank details or spying on someone through a compromised webcam.
“Indeed, due to its ability to hide its icon from the launcher and impersonate existing user-trusted popular apps, there are endless possibilities for this sort of malware to harm a user’s device,” said Jonathan Shimonovich, head of mobile threat detection at Check Point.
The dangerous malware, named after the menacing character in the Matrix film series, is thought to have originated from a Chinese company that specialises in helping developers publish their apps in foreign markets.
The largest number of infected devices were in India, Pakistan, Bangladesh, and Indonesia. However, around 330,000 devices have been infected in the US, with a further 137,000 in the UK.
Image: Agent Smith Global Infection Rates
The app has spread rapidly throughout the world due to a vulnerability that was patched in Android several years ago but that developers do not appear to have routinely updated their apps to address. The global infection highlights the importance of regular app updates and Android security patches.
To prevent your device from being infected you should:
If you believe your device has been infected with Agent Smith Malware, there are a number of steps you can take to remove the infected app from your device:
On Android:
1. Go to Settings Menu.
2. Click on Apps or Application Manager.
3. Scroll to the suspected app and uninstall it.
4. If you are unable to find it, remove all recently installed apps.
On iPhone:
1. Go to Settings Menu.
2. Scroll to ‘Safari’.
3. On the list of options, select ‘block pop-ups’.
4. Then go to ‘Advanced’ -> ‘Website Data’.
5. Delete any unrecognised sites.
MetaPhish provides a powerful defence against phishing and malware attacks by training employees how to identify and respond appropriately to these threats. Get in touch for further information on how we can help protect your business.