Android users have been warned to watch out for a new form of mobile malware that cannibalises apps.
The malware, dubbed “Agent Smith” by researchers at Check Point Research, disguises itself as an official Google-related application to get embedded on a victim’s device.
It then exploits known Android vulnerabilities and automatically replaces installed apps – such as WhatsApp – with malicious versions without users’ knowledge or interaction, before showing fraudulent ads to the user, earning money for the criminals behind the operation.
Check Point says that around 25 million devices have already been infected by the Agent Smith malware – 15 million of them in India, where it appeared on the popular third-party app store 9Apps, but also in the UK, Australia and the US.
The researchers say that although at the moment the malware may be more annoying than damaging, its effects could be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping.
“The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own,” said Jonathan Shimonovich, head of mobile threat detection research at Check Point Software Technologies.
“Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like ‘Agent Smith’. In addition, users should only be downloading apps from trusted app stores to mitigate the risk of infection, as third-party app stores often lack the security measures required to block adware-loaded apps.”