
25 million Android devices get infected - TechAmok

25 million Android devices get infected - [security]
06:32 PM EDT - Jul,10 2019

The name 'Agent Smith' is usually associated with the famed Matrix movie trilogy. However, it is now being used to identify a new variant of malware discovered by security provider Check Point Research. The firm reports that around 25 million Android devices have been infected by Agent Smith over the course of the last three years, and that the attackers behind the scenes may be looking to expand their reach. The malware is spread through 9Apps, a third-party app store, and has mainly targeted Asian users; however, countries such as the U.S. and U.K. have seen a high number of device breaches as well. Essentially, the life cycle of the malware revolves around three phases that have been described in the following way:
  1) A dropper app lures victim to install itself voluntarily. The initial dropper has a weaponized Feng Shui Bundle as encrypted asset files. Dropper variants are usually barely functioning photo utility, games, or sex related apps.
  2) The dropper automatically decrypts and installs its core malware APK which later conducts malicious patching and app updates. The core malware is usually disguised as Google Updater, Google Update for U or The core malware's icon is hidden.
  3) The core malware extracts the device's installed app list. If it finds apps on its prey list (hard-coded or sent from C&C server), it will extract the base APK of the target innocent app on the device, patch the APK with malicious ads modules, install the APK back and replace the original one as if it is an update.
To expand a bit upon each of these phases, 'droppers' are apps that imitate popular utilities while quietly installing malicious content on a device. The dropper variants deployed as part of this attack include a number of different applications that may attract users of all ages. These typically offer little to no functionality, but a one-time installation is all that's required to complete a major phase of the attack: actually getting the malware on the target device.

Moving on, the core module of a 'loader' that's additionally coded with the dropper gets installed, and begins searching the infected device for pre-determined popular apps. The pre-determined list of apps is obtained through contact with a command-and-control (C&C) server. The apps include some highly popular and widely-used ones, such as WhatsApp, ShareIt, MX Player, the Opera browser and more. The loader then works with various other modules to infect the legitimate applications with its own code. As a result of this alteration, Android's package manager is duped into treating the malicious files as an update for said applications. Throughout the following 'update' process, the malware disguises itself as a Google-related updating tool, so as not to rouse users' suspicions.

The breached apps, now carrying the malicious ad modules patched into their APKs, start displaying these ads in place of in-app activity. Even if said app isn't specified in the pre-created list, the ads are simply shown on any activity that is being loaded at the time. Notably, 'Agent Smith' will continue to infect the same device multiple times, whenever the latest malicious patches are available.
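The disguised updater and the fake 'update' step described above leave traces that can be checked for on a managed device. As an added example (not code from Check Point or from this article), the Python below compares two constructed app-inventory snapshots and flags a Google-branded updater that did not come from Google Play or hides its icon, and apps whose APK changed without a version increase or whose installer changed. The record fields, package names and hashes are assumptions made for illustration.

```python
# Added example: triage heuristics over two app-inventory snapshots of one device.
# Record fields, package names and hashes are constructed for illustration.
PLAY_STORE = "com.android.vending"  # installer package name of Google Play
DISGUISE_LABELS = {"google updater", "google update for u"}  # names cited in the article

def rec(package, label, installer, apk_sha256, version_code, launcher_icon=True):
    return dict(package=package, label=label, installer=installer,
                apk_sha256=apk_sha256, version_code=version_code,
                launcher_icon=launcher_icon)

def find_disguised_updaters(snapshot):
    """Apps using a Google-updater label that Google Play did not install or that hide their icon."""
    return sorted(
        app["package"] for app in snapshot
        if app["label"].strip().lower() in DISGUISE_LABELS
        and (app["installer"] != PLAY_STORE or not app["launcher_icon"])
    )

def find_silent_replacements(before, after):
    """Apps whose APK changed in a way a normal store update would not produce."""
    old = {app["package"]: app for app in before}
    findings = {}
    for app in after:
        prev = old.get(app["package"])
        if prev is None or prev["apk_sha256"] == app["apk_sha256"]:
            continue  # newly installed or unchanged, nothing to compare
        reasons = []
        if app["version_code"] <= prev["version_code"]:
            reasons.append("APK changed without a version increase")
        if prev["installer"] == PLAY_STORE and app["installer"] != PLAY_STORE:
            reasons.append("installer changed away from Google Play")
        if reasons:
            findings[app["package"]] = reasons
    return findings

# Constructed snapshots: a messenger is "updated" by a fake updater, while a
# video player receives a genuine store update.
BEFORE = [
    rec("example.messenger", "Messenger", PLAY_STORE, "a1", 100),
    rec("example.player", "Video Player", PLAY_STORE, "b1", 40),
]
AFTER = [
    rec("example.messenger", "Messenger", "example.updater", "a2", 100),
    rec("example.player", "Video Player", PLAY_STORE, "b2", 41),
    rec("example.updater", "Google Updater", "example.photoutil", "c1", 1, False),
]

if __name__ == "__main__":
    print(find_disguised_updaters(AFTER))
    print(find_silent_replacements(BEFORE, AFTER))
```

These are triage heuristics: a hit is a reason to pull the APK for analysis, not proof of infection.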

Based on its research, Check Point believes that a Chinese firm operating in the city of Guangzhou is the main culprit behind the attacks. The name of the company has been redacted from its publication, and information related to the attacks has been provided to law enforcement officials, as well as Google, to assist them in further investigation. Although this form of malware was initially only spread through 9Apps, the researchers discovered traces of the malicious actors looking to spread their system to Play Store applications as well. During the search, 11 Play Store apps were found to be connected to the attackers. However, Check Point does state that it has worked closely with Google to remove all of these from the Play Store. Google has not issued a public statement regarding the matter as of yet, though we'll keep you updated. For now, do make sure that you download your applications from a trustworthy app store, and be on the lookout for ads that may crop up at unusual times.
