Yes, you have read it right. The malware is called “Agent Smith,” and you are not in the Matrix movie. As in the Matrix, these are a bunch of rogue modified/weaponized apps that do bad things. Legit apps like WhatsApp and the web browser Opera were not spared from being replaced with tainted versions.
Those malicious apps from a malware campaign called “Agent Smith” have reportedly been downloaded to approximately 25 million Android devices, according to cyber-security firm Check Point.
There is a wide variety of apps in this malware campaign, and most of them are games. They were distributed through third-party app stores by a Chinese group with a legitimate business that helps developers promote their apps on outside platforms. The company was not named because they are working with local law enforcement.
The malware was able to copy popular phone apps, inject malicious code, and replace the originals with weaponized versions. It used a vulnerability in the way Google apps are updated. The tricky part is that the hijacked apps still work normally, which hides the compromise from users.
Since the original apps are granted full permissions, “Agent Smith” was able to hijack other phone apps to display unwanted ads to users. The vulnerability mentioned earlier could be used in multiple ways, including hijacking banking, shopping and other data-sensitive apps.
For now, “Agent Smith” takes the adware route but is capable of doing nastier things. “Hypothetically, nothing is stopping them from targeting bank apps, changing the functionality to send your bank credentials” to a third party, Hazum said. “The user wouldn’t be able to see any difference, but the attacker could connect to your bank account remotely.”
There were also some dormant apps in the Google Play store carrying “Agent Smith” that could easily have been triggered. Those apps have now been removed from the Google Play store. The only downside is that they had been downloaded over 10 million times.
Clueless users think they are just harmless ads, but in fact they can be used in different ways, according to Dustin Childs, the communications manager for cybersecurity company Trend Micro’s Zero Day Initiative, a so-called ‘bug bounty’ program that pays rewards to hackers and researchers who tip them off about software security flaws.
They have seen malicious ads that can install apps when you browse to a webpage from your Android device. In the worst case, ransomware can be installed this way, or the ads can copy contacts and do other nasty things. It is advisable to use ad blockers on Android devices, install updates when prompted, and download apps from the Google Play Store.
App developers are not the ones to blame here, since they have no way to prevent this. The operating system has to be updated and patched in order to prevent malware like “Agent Smith” from infiltrating your Android device.
Google already fixed at least one of the exploits used by “Agent Smith,” nicknamed Janus, in 2017; however, the fix has not made its way to every Android phone. This should be a wake-up call to remind us that millions of phones are being used without the latest security patches.
The huge number of devices that got infected reflects how many devices are not up to date. Android devices are not updated as aggressively as Microsoft Windows. That means it will take quite some time before all these phones get updated. This is due to the fact that the Android ecosystem is fragmented compared to iPhone’s.
Although Google has a good track record of releasing fixes for bugs and vulnerabilities, it is quite difficult for them to push those fixes to all devices.
In the event Google issues a new fix or patch, device makers like LG and Samsung need to test all their own apps to make sure they do not break and still work with the fix/patch added. This takes time, and considering how quickly new phones are released, they stop offering updates to phones after a few months or years. People often do not bother to keep phones for long, which also explains why the updates are not being installed.
Interestingly enough, if manufacturers push out an update for the device, all the carriers, such as Verizon and AT&T, then have to authorize the update. Some people just ignore updates and do not want to run them on their phones. It takes at least 30 minutes on a stable connection to download them and additional minutes to install them. That is the primary reason people tend to ignore them.
There is no doubt that it is important that security updates be installed on Android devices. The biggest risk really comes from third-party app stores. There is a huge chunk of devices that are using outdated versions of Android.
Whether or not users have updated security on their phones, one of the biggest risks to Android devices comes from third-party app stores, which aren’t well-vetted, said Daniel Thomas, a research associate and lecturer at University of Cambridge.
Apple iPhone users should not be too complacent. Their ecosystem is more controlled compared to Android. Even so, hackers have still found ways to exploit iOS. Security updates for older iPhone models have also been stopped, although those models are still being used today. Who knows, “Agent Smith” might end up on your iPhone in the future.
There is tons of code out there. Vulnerabilities are bound to be found. Like the Matrix, “This is your last chance. After this, there is no turning back. You take the blue pill – the story ends, you wake up in your bed and believe whatever you want to believe.”
Run security updates and patches to stay safe.