Check Point researchers know where to look and what to do. The team has recently discovered a vulnerability among Android phones, mainly those of people living in India. Other countries like Bangladesh and Pakistan have been victimized, as well as some units in the US, Australia, and the UK. A virus known as “Agent Smith” is apparently spreading as another mobile malware. Some 25 million devices around the world have been infected already. The virus posed as a Google-related app, so maybe that’s why the Android community didn’t immediately notice it.
What happens is that the mobile malware exploits already-known vulnerabilities. It replaces some installed apps without the knowledge of the phone owner. Agent Smith usually just causes the phone to show fraudulent ads. It’s something we’ve seen before with similar malware that can infect Android phones.
The malicious activity is ads showing up. That is annoying, but it can be more dangerous because there are many other possibilities, like eavesdropping, credential theft, hiding icons, and remotely launching some activities.
Agent Smith can attack in three phases. First, it can lure mobile users to download a dropper app that may be disguised as a free game, utility app, or adult entertainment app. What happens is that such apps carry an encrypted malicious payload. In the future, Agent Smith can attack them.
Agent Smith can then have control of the device. It decrypts the malicious payload into its original form, like maybe an APK. It can in turn abuse system vulnerabilities and then install the core malware without even informing the device user.
Lastly, the core malware can attack all the installed apps. It extracts an innocent app’s APK file and patches it with more malicious modules. Further abuse can be done by replacing innocent apps with malicious versions.
Most of the phones victimized were those that downloaded apps from third-party app stores. Lesson learned: only download from authorized app stores. You’ll never go wrong with the Google Play Store, although sometimes apps may be unfiltered.