‘Agent Smith’ is a new kind of mobile malware that secretly replaces WhatsApp on an individual’s smartphone with a malicious version, without the user even realizing it. Security researchers have found that the malware has infected up to 25 million devices. The malware then displays fraudulent ads, which are used to steal banking details and to spy on users through their camera or microphone.
The majority of the victims are located in India, and two-thirds of the infected devices are located in the South Asian country. The malware has also spread to up to 137,000 devices in the UK, with a further 300,000 infections in the US.
There are three phases in Agent Smith’s attack flow:
1. Attackers lure users into downloading apps such as free games, utility applications or adult entertainment apps, which contain a malicious encrypted file, from third-party app stores. Agent Smith will then attack popular apps like WhatsApp.
2. The malware is then triggered to decrypt the malicious file and abuses several known system vulnerabilities to install the core malware in the background without any user interaction at all.
3. The core malware quietly extracts a given innocent application’s APK file, patches it with extra malicious modules and finally abuses a further set of system vulnerabilities to silently swap the innocent version with a malicious one.
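One way a defender could check for the swap described in phase 3, as an added example that is not part of the original article: compare the files inside an installed APK against a trusted copy of the same app version and report anything added or changed. The function names and the in-memory sample archives are hypothetical and constructed for illustration.

```python
import hashlib
import io
import zipfile

def apk_entry_digests(apk_bytes):
    """Map each file inside an APK (a ZIP archive) to its SHA-256 digest."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {
            info.filename: hashlib.sha256(apk.read(info)).hexdigest()
            for info in apk.infolist()
            if not info.is_dir()
        }

def diff_apk(reference_bytes, installed_bytes):
    """Compare an installed APK with a trusted reference of the same version."""
    ref = apk_entry_digests(reference_bytes)
    cur = apk_entry_digests(installed_bytes)
    return {
        "added": sorted(set(cur) - set(ref)),
        "removed": sorted(set(ref) - set(cur)),
        "modified": sorted(n for n in set(ref) & set(cur) if ref[n] != cur[n]),
    }

def is_tampered(report):
    """Any difference from the reference means the package was altered."""
    return any(report.values())

def build_sample_apk(entries):
    """Build a constructed, in-memory ZIP standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        for name, data in entries.items():
            apk.writestr(name, data)
    return buf.getvalue()

# Constructed sample data, not real app contents.
REFERENCE = build_sample_apk({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"original code",
})
INSTALLED = build_sample_apk({
    "AndroidManifest.xml": b"<manifest/>",
    "classes.dex": b"original code plus a hook",
    "classes2.dex": b"extra module",
})

if __name__ == "__main__":
    print(diff_apk(REFERENCE, INSTALLED))
```

In practice the two byte strings would be read from an APK pulled off the device and from a copy of the same version obtained from the official store.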
Condition Zebra (an international IT security software, services, education and distribution business) would like to give a few tips on how to prevent this type of malware from infecting your smartphone. Firstly, users have to avoid downloading apps from third-party app stores, which oftentimes lack security validations. Secondly, users should have an advanced threat prevention solution installed on their devices. Users will then receive an alert if malicious apps are detected and blocked from being installed.
In conclusion, malware like Agent Smith requires a lot of attention and action from users, system developers, device manufacturers and app developers. Please play your part so that all vulnerabilities are made known to developers and can then be fixed, patched, distributed and installed in time, before the malware spreads to an even larger audience.
Full article from INDEPENDENT