Check Point research discovers new variant of mobile malware

18 Jul 2019

Check Point Research has discovered a new variant of mobile malware that has quietly infected around 25 million devices, including 15 million mobile devices in India.

Disguised as a Google-related application, the malware exploits known Android vulnerabilities and automatically replaces installed apps with malicious versions without users’ knowledge or interaction.

Dubbed “Agent Smith”, the malware currently uses its broad access to the devices’ resources to show fraudulent ads for financial gain, but could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping.

This activity resembles previous malware campaigns such as Gooligan, Hummingbad and CopyCat.

“The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own,” says Check Point mobile threat detection research head Jonathan Shimonovich.

“Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene-first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like “Agent Smith”.

“In addition, users should only be downloading apps from trusted app stores to mitigate the risk of infection as third-party app stores often lack the security measures required to block adware loaded apps.”

“Agent Smith” was originally downloaded from the widely used third-party app store 9Apps, and targeted mostly Hindi-, Arabic-, Russian- and Indonesian-speaking users.

So far, the primary victims are based in India, though other Asian countries such as Pakistan and Bangladesh have also been impacted.

There has also been a noticeable number of infected devices in the United Kingdom, Australia and the United States. 

Check Point has worked closely with Google and at the time of publishing, no malicious apps remain on the Play Store. 

If users have been infected by apps such as those described in “Agent Smith”, or otherwise, they can follow these steps to remove the malicious apps.

For Android:

  1. Go to Settings Menu
  2. Click on Apps or Application Manager
  3. Scroll to the suspected app and uninstall it.
    If it can’t be found then remove all recently installed apps.

For iPhone:

  1. Go to Settings Menu
  2. Scroll to ‘Safari’
  3. On the list of options, ensure that ‘block pop-ups’ is selected.
  4. Then go to ‘Advanced’ -> ‘Website Data’.
  5. Delete any unrecognised sites listed.

About Check Point Research

Check Point Research provides cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyses global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.
