Named after the Matrix’s famous villain Agent Smith, a new malware has struck more than 6,000 devices in Singapore, on top of more than 25 million android devices around the world.
On July 11th, a statement was released by Check Point Software Technologies’ revealed that the malware automatically replaces installed apps with “malicious” versions without notifying the user.
It is able to do this by disguising itself as a Google-related app and exploiting different vulnerabilities in the Android operating system. This affected nearly one million devices in Southeast Asia alone, according to Check Point Software Technologies. Singapore being the least affected with about 6,250 devices.
On the other hand, Indonesia was the most affected in the region, with more than 572,000 devices having the malware. This number is blown away by India, which had more than 15 million infected devices and over 2 billion infection events, which tops all other countries in the world.
Other Southeast Asian countries that were affected include The Philippines (226,701), Malaysia (55,647), Thailand (52,848) and Vietnam (32,916).
Check Point Software Technologies revealed that Agent Smith uses “broad access” to devices’ resources to show fake ads for financial gain. While this is currently the extent, it is warned that this software “could easily be used for far more intrusive and harmful purposes”, which would include stealing banking credentials and eavesdropping. It added that the activity resembles previous malware campaigns like Gooligan, Hummingbad and CopyCat.
Jonathan Shimonovich, head of mobile threat detection research at Check Point Software Technologies stated, “The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own.”
He also stated that the best way to protect from these malware attacks would be to combine advanced threat prevention and threat intelligence while at the same time adopting a “hygiene first” approach to safeguard digital assets.
Users are also advised to only perform downloads on trusted app stores to lower their exposure to infection as third party stores would typically lack the necessary security measures to block adware-loaded apps, Shimonovich said.