25 Million Android Phones Infected With Malware. Cybersecurity scientists advised on Wednesday that as many as 25 million Android devices have been struck with malware that replaces installed applications like WhatsApp with malicious variants that serve up ads.
Dubbed Agent Smith, malware abuse previously known weaknesses in the Android operating system, making updating to the recent, patched version of Google’s operating system a priority, said Check Point, an Israeli safety firm.
25 Million Android Phones Infected With Malware That ‘Hides In WhatsApp’
Most victims are based in India, where they have been infected by as many as 15 million. But there are over 300,000 in the U.S., with another 137,000 in the U.K., making this one of the more serious threats in the latest memory hitting Google’s operating system.
Instead of the official Google Play store, the malware has spread through a third-party app store 9apps.com, owned by China’s Alibaba. Such non-Google Play attacks typically concentrate on developing nations, making the success of the hackers in the United States and the United Kingdom. More noteworthy, said Check Point.
While the applications replaced will serve up malicious advertisements, whoever is behind the hacks might do worse, a blog advised Check Point. “Because of its capacity to conceal the launcher’s icon and impersonate any common current applications on a computer, there are endless opportunities for such malware to damage the device of a user,” the scientists wrote.
They said Google and the appropriate law enforcement agencies had been advised. At the moment of publishing, Google had not given any comments.
The attack typically operates as follows: customers download an app from the shop-typically a picture utility, games or adult-themed applications (one called Kiss Game: Touch Her Heart is advertised with a cartoon of a guy kissing a slightly clad female). This app then installs the malware quietly, disguised as a lawful updating instrument for Google.
There’s no icon on the screen for this, making it even more surreptitious. Legitimate applications — from WhatsApp to the Opera browser and more — are substituted by a poor update to serve the poor advertisements. The researchers said the advertisements were not per se malicious. But in a typical ad fraud scheme, as with a typical pay-per-click system, every click on an injected advert will send cash back to the hackers.
There is some sign that the attackers are planning to move to Google Play. Researchers at Check Point said they had discovered 11 applications in Google’s shop that contained a hackers software “dormant” piece. Google quickly pulled down those applications.
Check Point thinks that the malware has been built by an unidentified Chinese company based in Guangzhou, while running a business that helps Chinese Android developers promote their applications on platforms abroad. At the moment of publication, Alibaba had not replied to a request for comment on malware proliferation on the 9apps platform.
What are you able to do?
So what could anxious owners of Android do? Aviran Hazum, head of cyber assessment and reaction at Check Point, said that if consumers experience ads displayed at strange moments, such as opening WhatsApp, they should take action. Naturally, lawful WhatsApp does not serve advertisements.
First, go to settings for Android, then section applications and notifications. Next, look for suspect apps with names like Google Updater, Google Installer for U, Google Powers, and Google Installer. Click and uninstall the suspect request.
Otherwise, it may assist to stay away from informal Android app stores, given Google’s additional protections intended to avoid malware from getting on the site. Not that the attempts of Google are always paying off. Earlier this week, a warning spread over Google Play about an Android malware that was screen recording banking sessions for users.