Matrix Alert: Agent Smith Malware Silently Infects 25M Android Devices
CYBER NEWS

Matrix Alert: Agent Smith Malware Silently Infects 25M Android Devices

1 Star2 Stars3 Stars4 Stars5 Stars (2 Stimmen, durchschnittlich: 5.00 von 5)
Loading ...

Security researchers just came across a new type of mobile malware “that has quietly infected around 25 Millionen Geräte” without users being aware of the infection.

The malware is targeting Android users and is called Agent Smith after the Matrix popular character, probably because of its silent and sneaky behavior. The infection stems from an unofficial Android app store. According to Check Point researcher, die Agent Smith malware is disguised as a Google related application, and its core part exploits a range of known Android security flaws.




The malware is even capable of automatically replacing installed apps with their malicious versions, without the user’s knowledge or interaction. The purpose of the Agent Smith malware is not surprising – it aims to push advertisements and hijack valid ad events.

The primary victims of the malicious campaign are Android users based in India, but other Asian countries such as Pakistan and Bangladesh are also impacted. Affected devices are also discovered in the UK, Australien und den USA, sagten die Forscher.

How does the Agent Smith malware infection happen?

There are three stages of the infection process. The first stage aims to trick the user to download a dropper application from an app store such as 9Apps. To successfully lure the user, these droppers are presented as useful or free applications. Free games or adult entertainment apps are also used.

The dropper application then checks if any popular applications, such apps include WhatsApp, MXplayer, ShareIt and more from the attacker’s pre-determined list, are installed on the device. If any targeted application is found, “Agent Smith” will then attack those innocent applications at a later stage, so der Bericht.

The second infection phase involves the dropper automatically decrypting the malicious payload into its original form, which is an APK file. This file is the malware’s core part of the attack. This is also the time when the malware leverages the known Android vulnerabilities without the user’s interaction.

verbunden:
The infamous XLoader Android and iOS spyware has been found to infect users in a new attack campaign spreading a new version
Next-Gen XLoader Android und iOS Spyware wird weltweit verbreitet

During the third stage, the core part of Agent Smith malware will attack each installed application on the compromised Android device, according to its target list. “The core malware quietly extracts a given innocent application’s APK file, patches it with extra malicious modules and finally abuses a further set of system vulnerabilities to silently swap the innocent version with a malicious one”, sagten die Forscher.

To remove bogus apps such as the ones involved in the Agent Smith malware campaign, you can follow these simple steps:

1. Go to Settings Menu
2. Click on Apps or Application Manager
3. Scroll to the suspected app and uninstall it.

If the app can’t be located, then simply remove all recently installed apps, as per the researchersadvice.

Milena Dimitrova

Ein inspirierter Schriftsteller und Content-Manager, der mit SensorsTechForum ist seit 4 Jahre. Genießt ‚Mr. Robot‘und Ängste‚1984‘. Konzentriert sich auf die Privatsphäre der Nutzer und Malware-Entwicklung, sie die feste Überzeugung, in einer Welt, in der Cybersicherheit eine zentrale Rolle spielt. Wenn der gesunde Menschenverstand macht keinen Sinn, sie wird es sich Notizen zu machen. Diese Noten drehen können später in Artikel!

Mehr Beiträge

Schreibe einen Kommentar

Ihre E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind markiert *

Frist ist erschöpft. Bitte laden CAPTCHA.

Auf Facebook teilen Teilen
Loading ...
Empfehlen über Twitter Tweet
Loading ...
Share on Google Plus Teilen
Loading ...
Share on Linkedin Teilen
Loading ...
Empfehlen über Digg Teilen
Teilen auf Reddit Teilen
Loading ...
Empfehlen über Stumbleupon Teilen
Loading ...