Rabitə və İnformasiya Texnologiyaları Nazirliyinin elektron xəbər xidməti

25 Million Android Devices Infected by ‘Agent Smith’ Malware


Malware that replaces victims' legitimate apps with a malicious doppelganger has infected 25 million devices across India and the U.S. say security researchers.
 
The virus, named 'Agent Smith' after a fictional character from the, 'The Matrix' who is able to make others into copies of himself, was highlighted by the security firm Check Point on Wednesday and affects users on Android devices.
 
Instead of stealing data, the malware covertly replaces apps inside a user's phone with hacked versions which display ads selected by the hackers, allowing them to profit off their views.
 
To avoid detection, the malware -- under its disguise as popular apps like WhatsApp or Flipkart -- is also capable of replacing code in the original program with its own malicious version that prevents an app from being updated.
 
At least 15 million of the devices infected are located in India and 300,000 have been detected in the U.S. Other infections are spread across Asia as well as the U.K., and Australia.
 
'The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own,' said Jonathan Shimonovich, Head of Mobile Threat Detection Research at Check Point.
 
'Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like 'Agent Smith''
 
Researchers say Agent Smith was able to spread to devices through a third-party app storecalled 9Apps.
 
Malicious code was embedded into photo apps and sex-related apps which were then downloaded by users.
 
Once inside a victim's device, the malware would disguise itself as a legitimate app and then begin replacing code.
 
As reported by The Verge, creators of the malware also attempted to infect users in the Google Play store through 11 apps containing bits of malicious code.
 
The foray was reportedly unsuccessful and Google has removed all the apps from its store.
 
A vulnerability in Android that allowed hackers to include their code was patched several years ago, but developers failed to patch their apps, leaving many open to attack.
 
To avoid being compromised by malware like Agent Smith, Check Point has some simple words of advice.
 
'Users should only be downloading apps from trusted app stores to mitigate the risk of infection as third party app stores often lack the security measures required to block adware loaded apps,' wrote researchers.




11/07/19    Çap et