Security researchers have revealed that as many as 25-million phones have been hit with malicious software - malware - that masquerades as the popular messaging application, WhatsApp.
The malware has been nicknamed ‘Agent Smith’, and “abuses previously known weaknesses in the Android operating system, making updating to the latest, patched version of Google’s operating system a priority,” according to a Forbes report citing Israeli security company Check Point.
The majority of victims are said to be based in India, where up to 15-million phones were infected with the Agent Smith malware. The West hasn’t escaped, however, with up to 300,000 U.S. citizens implicated, and 137,000 U.K. residents caught up in its web. It managed to spread through third-party application stores like 9apps.com, owned by Chinese giant Alibaba.
“Due to its ability to hide its icon from the launcher and impersonate any popular existing apps on a device,” researchers at Check Point explained, “there are endless possibilities for this sort of malware to harm a user’s device.”
According to the firm, an attack transpires as follows. “Users download an app from the store - typically a photo utility, games or adult-themed apps. This app then silently installs the malware, disguised as a legitimate Google updating tool. No icon appears for this on the screen, making it even more surreptitious.”
“Legitimate apps - from WhatsApp to the Opera browser and more - are then replaced with an evil update [that serves] bad ads. The researchers said the ads themselves weren’t malicious, however in a typical ad fraud scheme, every click on an injected advertisement will send money back to the hackers, as per a typical pay-per-click system.”
Check Point believes it has tracked down 11 applications on Google’s store that contained a “dormant” piece of the hackers’ code for the malware; Google has since removed these from the app store. The Israel-based firm believes that an unnamed group based in the Chinese city of Guangzhou has been writing the malware code, all the while operating a business aimed at helping Chinese Android developers promote their apps in the West on popular platforms.
What can you do?
Check Point’s head of cyber analysis and response, Aviran Hazum, says that if WhatsApp users see any advertisements when they open the application, they are more than likely infected.
“First, go to Android settings, then the apps and notifications section. Next, go to the app info list and look for suspicious applications with names like Google Updater, Google Installer and Google Powers. Click the suspicious application[s] and uninstall it,” Forbes says.
“Otherwise, staying away from unofficial Android app stores might help, given Google’s extra protections designed to prevent malware from getting on the site. Not that Google’s efforts always pay off. Earlier this week, a warning went out about an Android malware spreading over Google Play that was screen-recording users’ banking sessions,” the report concludes.