TechAmok (a ggmania.com subsite)

25 million Android devices get infected - [security]
06:32 PM EDT - Jul 10, 2019

The name 'Agent Smith' is usually associated with the famed Matrix movie trilogy. However, it is now being used to identify a new variant of malware discovered by security provider Check Point Research. The firm reports that around 25 million Android devices have been infected by Agent Smith over the course of the last three years, and that the attackers behind it may be looking to expand their reach. The malware is spread through 9Apps, a third-party app store, and has mainly targeted Asian users; however, countries such as the U.S. and U.K. have also seen a high number of device breaches. The life cycle of the malware revolves around three phases, which have been described in the following way:
  1) A dropper app lures victim to install itself voluntarily. The initial dropper has a weaponized Feng Shui Bundle as encrypted asset files. Dropper variants are usually barely functioning photo utility, games, or sex related apps.
  2) The dropper automatically decrypts and installs its core malware APK which later conducts malicious patching and app updates. The core malware is usually disguised as Google Updater, Google Update for U or “com.google.vending”. The core malware's icon is hidden.
  3) The core malware extracts the device's installed app list. If it finds apps on its prey list (hard-coded or sent from C&C server), it will extract the base APK of the target innocent app on the device, patch the APK with malicious ads modules, install the APK back and replace the original one as if it is an update.

To expand a bit upon each of these phases, 'droppers' are apps that imitate popular utilities while quietly installing malicious content on a device. The dropper variants deployed as part of this attack include a number of different applications that may attract users of all ages. These typically offer little to no functionality, but a one-time installation is all that's required to complete a major phase of the attack: actually getting the malware onto the target device.

Next, the core module of a 'loader' bundled with the dropper is installed and begins searching the infected device for pre-determined popular apps. The pre-determined list of apps is obtained through contact with a command-and-control (C&C) server. The apps include some highly popular and widely used ones, such as WhatsApp, ShareIt, MX Player, the Opera browser and more. The loader then works with various other modules to infect the legitimate applications with its own code. As a result of this alteration, Android's package manager is duped into treating the malicious files as an update for those applications. Throughout the following 'update' process, the malware disguises itself as a Google-related updating tool so as not to arouse users' suspicions.

The breached apps, now carrying the malicious ad modules patched into their APKs, start displaying these ads in place of in-app activity. Even if said app isn't specified in the pre-created list, the ads are simply shown on any activity that is being loaded at the time. Notably, 'Agent Smith' will continue to infect the same device multiple times, whenever the latest malicious patches are available.
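
A device-triage sketch for the phases above, added here as an example and not taken from Check Point or the original article: it flags apps using the disguises named in phase 2 and apps whose base APK no longer matches a clean build of the same version (phase 3). The `App` record, the `baseline` map and `triage` are hypothetical names, the baseline is assumed to come from a known-clean device, and all inventory data is constructed.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Names the article says the core malware hides behind (phase 2).
FAKE_PACKAGES = {"com.google.vending"}  # the genuine Play Store is com.android.vending
FAKE_LABELS = {"google updater", "google update for u"}
TRUSTED_INSTALLER = "com.android.vending"

@dataclass
class App:  # hypothetical inventory record collected by an MDM agent or adb script
    package: str
    label: str
    installer: Optional[str]  # None means sideloaded
    has_launcher_icon: bool
    version_code: int
    apk_sha256: str

def triage(inventory, baseline):
    """Return {package: [reasons]} for apps matching the described life cycle.

    baseline maps (package, version_code) -> sha256 of the clean base APK.
    """
    findings = {}
    for app in inventory:
        reasons = []
        if app.package in FAKE_PACKAGES:
            reasons.append("package name imitates a Google component")
        if app.label.strip().lower() in FAKE_LABELS and app.installer != TRUSTED_INSTALLER:
            reasons.append("Google-updater label on an app not installed by the Play Store")
        if reasons and not app.has_launcher_icon:
            reasons.append("launcher icon hidden")
        clean = baseline.get((app.package, app.version_code))
        if clean is not None and clean != app.apk_sha256:
            reasons.append("base APK differs from clean build of the same version")
        if reasons:
            findings[app.package] = reasons
    return findings

def _h(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample data: version codes and hashes are made up, not real indicators.
BASELINE = {("com.whatsapp", 1001): _h(b"clean-whatsapp"),
            ("com.opera.browser", 52): _h(b"clean-opera")}
INVENTORY = [
    App("com.google.vending", "Google Updater", None, False, 1, _h(b"core")),
    App("com.whatsapp", "WhatsApp", TRUSTED_INSTALLER, True, 1001, _h(b"patched-whatsapp")),
    App("com.opera.browser", "Opera", TRUSTED_INSTALLER, True, 52, _h(b"clean-opera")),
]
```

The hash comparison only catches a patched app when a clean build of that exact version is in the baseline; an unknown version is left unflagged and needs separate review.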

Based on its research, Check Point believes that a Chinese firm operating in the city of Guangzhou is the main culprit behind the attacks. The name of the company has been redacted from its publication, and information related to the attacks has been provided to law enforcement officials, as well as Google, to assist them in further investigation. Although this form of malware was initially only spread through 9Apps, the researchers discovered traces of the malicious actors looking to spread their system to Play Store applications as well. During the search, 11 Play Store apps were found to be connected to the attackers. However, Check Point does state that it has worked closely with Google to remove all of these from the Play Store. Google has not issued a public statement regarding the matter as of yet, though we'll keep you updated. For now, do make sure that you download your applications from a trustworthy app store, and be on the lookout for ads that may crop up at unusual times.
