Based on a press release from security firm Check Point, as soon as Agent Smith is active on the device, the malware appears for frequent apps and changes them with malicious versions. The altered apps present false advertisements for monetary gain.
“The malware assaults user-installed functions silently, making it difficult for common Android customers to fight such threats on their very own,” stated Check Point’s Head of Mobile Threat Detection Research Jonathan Shimonovich.
The strategies used are similar to other malware such as Gooligan, Hummingbird, and CopyCat. Check Point additionally states that the vector might simply be used for extra nefarious and dangerous functions such as stealing bank data or spying.
Up to now, many of the infections have been detected in India and neighboring nations as a result of the malware is primarily distributed via 9Apps, a third-party app store popular within the area. The malicious code generally comes hidden inside a “dropper” app.
“A dropper app attracts sufferer [sic] to put in itself voluntarily,” stated Check Point. “Dropper variants are usually barely functioning photo utility, games, or sex-related apps.”
More than 15 million of the infections originate from India; however, around 300,000 units within the US reportedly have the malware installed as well. In accordance with the researchers, the dangerous actors, who seem to originate from China, tried to increase operations into the Google Play Store and efficiently planted 11 programs infected with an altered version of the malware. Google has since rejected the malicious software program.