Malware Agent Smith infects 25 million Android devices

threatcop
3 min read · Jul 20, 2019


Agent Smith is a fictional villainous character from ‘The Matrix’

Agent Smith malware has been exploiting a series of Android vulnerabilities to compromise 25 million Android devices. The malware, apparently active since 2016, replaces legitimate applications with malicious versions. It does not steal data; instead, the patched apps show the user adverts controlled by the attacker, or take credit for adverts that the device has already displayed, so that the advertising revenue flows to the malware operators.

India is the most affected country, with 15 million devices infected with Agent Smith malware. Bangladesh comes second with approximately 2.5 million affected devices. Agent Smith has also infected more than 300,000 Android devices in the US and 137,000 in the UK.

How does Agent Smith malware work?

A dropper app manipulates the victim into installing the malware voluntarily. The initial dropper carries the malicious payload as encrypted files and is usually disguised as “games, barely functioning photo utility or sex-related apps.”

The dropper decrypts and then installs these malicious files. To disguise its activity, the malware hides behind Google-looking names such as “com.google.vending”, “Google Updater” and “Google Update for U”.

The core malware then builds a list of the installed apps and compares it against its “prey list”, which includes WhatsApp, SwiftKey, Opera, Flipkart and Truecaller among others. If an installed app matches the list, the malware patches the targeted app with a malicious advertising module and swaps it in for the original, just as a regular app update would.

Agent Smith malware uses a modular structure for infecting targets, consisting of Loader, Core, Boot, Patch, AdSDK and Updater modules.
Modular structure used by Agent Smith

Agent Smith malware leverages a number of Android vulnerabilities, including Man-in-the-Disk, Janus and Bundle. This combination creates a three-stage infection process (dropper, core payload, app patching) that allows the malware distributor to build a botnet monetized through adverts.
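The Janus weakness mentioned above is what lets a patched app pass for a legitimate update: an APK is a zip archive, and the old v1 (JAR-style) signature scheme only covers the zip entries, while the Android runtime decides how to load a file by looking at its first bytes. A file that starts with DEX magic and still ends with a valid zip central directory is therefore read as the attacker's DEX by the runtime but verifies as the original, signed zip. The following Python is an added example, not code from the original article or from the Agent Smith researchers: it constructs a stand-in APK in memory (labelled as constructed; it is not a real app), builds a Janus-style hybrid from it, and shows how a defender can spot such a hybrid by checking the DEX magic at offset 0 and the number of bytes that precede the zip proper.

```python
import io
import struct
import zipfile

DEX_MAGIC = b"dex\n035\0"        # magic of an Android DEX file (version 035)
ZIP_EOCD_MAGIC = b"PK\x05\x06"   # end-of-central-directory record signature
EOCD_MIN_LEN = 22                # fixed part of the EOCD record
ZIP_MAX_COMMENT = 65535          # the EOCD may be followed by a comment this long

# Constructed stand-in for an attacker's DEX blob (only the header magic matters here).
INJECTED_DEX = DEX_MAGIC + b"\x00" * 120


def build_sample_apk() -> bytes:
    """Constructed stand-in for a signed APK: a zip with a manifest and a classes.dex entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        z.writestr("AndroidManifest.xml", b"<placeholder binary xml>")
        z.writestr("classes.dex", DEX_MAGIC + b"\x00" * 64)
    return buf.getvalue()


def build_janus_hybrid(apk: bytes, injected_dex: bytes = INJECTED_DEX) -> bytes:
    """Prepend a DEX blob to an APK, Janus-style.

    Zip readers (and the v1 signature check) locate the central directory from the
    end of the file, so every signed entry is still found unchanged; the runtime,
    however, sees DEX magic at offset 0 and loads the prepended DEX instead.
    """
    if not injected_dex.startswith(DEX_MAGIC):
        raise ValueError("injected blob must start with DEX magic")
    return injected_dex + apk


def zip_entries(data: bytes) -> list:
    """Entry names as a v1-style verifier would see them (works on hybrids too)."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.namelist()


def prepended_length(data: bytes) -> int:
    """Number of bytes that sit before the zip archive proper.

    Derived from the EOCD: the central directory must start at
    offset_cd + prepended, and end right where the EOCD begins.
    Zero for a normal APK; equal to the injected DEX size for a Janus hybrid.
    """
    search_from = max(0, len(data) - (EOCD_MIN_LEN + ZIP_MAX_COMMENT))
    pos = data.rfind(ZIP_EOCD_MAGIC, search_from)
    if pos == -1:
        raise ValueError("no zip end-of-central-directory record found")
    size_cd, offset_cd = struct.unpack_from("<II", data, pos + 12)
    return pos - size_cd - offset_cd


def is_janus_hybrid(data: bytes) -> bool:
    """True when the file is a DEX by its magic and a zip by its trailer."""
    if not data.startswith(b"dex\n"):
        return False
    try:
        return prepended_length(data) > 0
    except ValueError:
        return False


def demo() -> dict:
    apk = build_sample_apk()
    hybrid = build_janus_hybrid(apk)
    return {
        "apk_is_hybrid": is_janus_hybrid(apk),
        "hybrid_is_hybrid": is_janus_hybrid(hybrid),
        "same_entries": zip_entries(apk) == zip_entries(hybrid),
        "prepended": prepended_length(hybrid),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point to take away is that the zip entries of the hybrid are identical to those of the original, which is why a signature scheme that only hashes entries (v1) is fooled. Android closed this hole with the v2 signature scheme, which signs the whole file, and with the Janus fix in the December 2017 security update; a device still accepting v1-only updates remains exposed.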

Analysts have discovered more than 360 different dropper strains.

Agent Smith malware first appeared on “9Apps”, a third-party app store that targets Indian, Arabic and Indonesian users, which explains the significant number of infections in these regions. Google’s Play Store, by contrast, was not the distribution channel for these droppers.

An unusually heavy volume of adverts is the tell-tale sign of an Agent Smith infection. Because the malware silently patches applications the user installed and trusts, most Android users find it difficult to recognise and remove the threat on their own.

Application penetration testing can uncover the weaknesses, such as missing update and signature verification, that malware like Agent Smith relies on to infect Android devices. Cyber security companies also provide managed security services that help keep Android devices protected against such threats.



Written by threatcop

Threatcop is a cybersecurity company that provides security solutions to businesses to protect them against email-based attacks and social engineering attacks.
