Malware 'Agent Smith' that 25 million Android devices are infected is found
A survey of security company Check Point Research found 25 million new types of malware infected worldwide. The malware, called 'Agent Smith (Agent Smith)' is replaced by the other apps to those of malicious code entering, as it can display unwanted advertising for users, already be with has been removed from the store.
25 Million Infected Devices: Check Point Research Discoveries New Variant of Mobile Malware | Check Point Software
Malicious apps infect 25 million Android devices with 'Agent Smith' malware
Agent Smith is a Chinese-made app that Chinese app developers used to advertise their apps on external platforms. It looks like a normal game app, but when installed it downloads popular apps such as the messenger app 'WhatsApp' and the web browser 'Opera' and inserts malicious code to perform 'hijacking'. After that, they will display unwanted advertisements to the user in the form of stealing the authority the user gave to the real app.
According to Check Point, 'Agent Smith' is taking advantage of Android's security vulnerability, which could allow an attacker to remotely access a bank account if a shopping app etc. is taken over as well. It is pointed out that there is.
One of the vulnerabilities used by 'Agent Smith' this time is called 'Janus', which was discovered in 2017, and Google has already released a patch.
New Android vulnerability allows attackers to modify apps without affecting their signatures | Guardsquare
However, since the update has not been applied to all Android devices around the world, it seems that a large-scale infection of unsupported devices has occurred like this. According to reports, 'Agent Smith' mainly targets users in Hindi, Arabic, Russian, and Indonesian, and has suffered 15 million units in India, and Asian countries such as Pakistan and Bangladesh. Large-scale infections have been confirmed in various countries, and 300,000 have been infected in the United States.
The group that had been distributing 'Agent Smith' had been distributing similar malware on Google Play separately, and although the application has already been deleted from Google Play, it has been downloaded more than 10 million times. It was said that
'There is a malicious advertisement that installs the app just by browsing the website. The advertisement blocker is simply an advertisement block,' said Dustin Childs of security company Trend Micro against Phys.org, a tech news site. 'We do not just block', recommended the use of the ad block app, when downloading the app, instead of using a third-party store, called for downloading from Google Play.