/?pid=25-million-android-devices-get-infected-20956

Updated:04:18 AM EDT Mar 18


this is ggmania.com subsite 25 million Android devices get infected - TechAmok

25 million Android devices get infected - [security]
06:32 PM EDT - Jul,10 2019 - (3 comments)

The name 'Agent Smith' is usually associated with the famed Matrix movie trilogy. However, it is now being used to identify a new variant of malware discovered by security provider Check Point Research. The firm reports that around 25 million Android devices have been infected by Agent Smith over the course of the last three years, and that the attackers behind the scenes may be looking to expand their reach. The malware is spread through 9Apps, a third-party apps store, and has targeted mainly Asian users; however, countries such as the U.S. and U.K. have had a high amount of device breaches as well. Essentially, the life cycle of the malware revolves around three phases that have been described in the following way:
  • 1) A dropper app lures victim to install itself voluntarily. The initial dropper has a weaponized Feng Shui Bundle as encrypted asset files. Dropper variants are usually barely functioning photo utility, games, or sex related apps.
  • 2) The dropper automatically decrypts and installs its core malware APK which later conducts malicious patching and app updates. The core malware is usually disguised as Google Updater, Google Update for U or com.google.vending. The core malware's icon is hidden.
  • 3) The core malware extracts the device's installed app list. If it finds apps on its prey list (hard-coded or sent from C&C server), it will extract the base APK of the target innocent app on the device, patch the APK with malicious ads modules, install the APK back and replace the original one as if it is an update.
  • To expand a bit upon each of these phases, 'droppers' are apps that imitate popular utilities while quietly installing malicious content on a device. The dropper variants deployed as part of this attack include a number of different applications that may attract users of all ages. These typically offer little to no functionality, but a one-time installation is all that's required to address a major phase of the attack - actually getting the malware on the target device. Moving on, the core module of a 'loader' that's additionally coded with the dropper gets installed, and begins searching the infected device for pre-determined popular apps. The pre-determined list of apps is obtained through contact with a command-and-control (C&C) server. The apps include some highly popular and widely-used ones, such as WhatsApp, ShareIt, MX Player, the Opera browser and more. The loader then works with various other modules to infect the legitimate applications with its own code. As a result of this alteration, Android's package manager is duped into considering the malicious files as an update for said applications. Throughout the following 'update' process, the malware disguises itself as a Google-related updating tool, thus not rousing users' suspicions. The breached apps, now carrying the malicious ad modules patched into their APKS, start displaying these ads as a replacement of in-app activity. Even if said app isn't specified in the pre-created list, the ads are simply shown on any activity that is being loaded at the time. Notably, 'Agent Smith' will continue to infect the same device multiple times, whenever the latest malicious patches are available.

    Based on its research, Check Point believes that a Chinese firm operating in the city of Guangzhou is the main culprit behind the attacks. The name of the company has been redacted from its publication, and information related to the attacks has been provided to law enforcement officials, as well as Google, to assist them in further investigation. Although this form of malware was initially only spread through 9Apps, the researchers discovered traces of the malicious actors looking to spread their system to Play Store applications as well. During the search, 11 Play Store apps were found to be connected to the attackers. However, Check Point does state that it has worked closely with Google to remove all of these from the Play Store. Google has not issued a public statement regarding the matter as of yet, though we'll keep you updated. For now, do make sure that you download your applications from a trustworthy app store, and be on the lookout for ads that may crop up at unusual times.

    last 10 comments:

    (11:58 AM EDT - Jun,02 2020) - jackyj
    thankyou for sharing online healing courses
    (11:58 AM EDT - Jun,02 2020) - jackyj
    (06:59 AM EDT - May,13 2020) - fazadoxe
    The recent news break about the technology that there are millions of devices who are infected during the security breach. All this news is covering by uk essays review who provides the authentic news on all the technology.

    Add your comment (free registrationrequired)

    Short overview of recent news articles

    Mar,18 2024 Haley Messick - Saatisfaction @bennybenassi - In10sive Mastercamp
    Mar,18 2024 1000W CPU: The Most Powerful Desktop Processor
    Mar,18 2024 Expands Snapdragon 8 Series to Cover More Price Points
    Mar,17 2024 Train Vs Lamborghini
    Mar,16 2024 Don't use a Microsoft Account!
    Mar,16 2024 This Ghillie Made from MIRRORS is SHOCKINGLY GOOD
    Mar,16 2024 How Hackers Deliver Malware to Hack you using Social Media
    Mar,15 2024 Call of Duty: Warzone Mobile - Launch Trailer
    Mar,14 2024 Intel's 4th Attempt At Beating Ryzen - "New" 6.2GHz Core
    Mar,14 2024 Asus Goes Big with Zenfone 11 Ultra
    Mar,14 2024 House Passes Bill to Force Sale of TikTok
    Mar,14 2024 Motorola Brings More Affordable 5G Phones to its 2024 Lineup
    Mar,14 2024 Capristan Swim - Miami Swim Week | Art Basel Miami
    Mar,11 2024 The Most Stunning All SSD NAS Ever? Inside QNAP's All-SSD
    Mar,11 2024 M2 vs M3 MacBook Air - ULTIMATE Comparison!
    Mar,11 2024 Risky PC Experiment: Direct CPU Water-Cooling! Can It Survive?
    Mar,11 2024 SpaceX Falcon 9 rocket launches 23 Starlink satellites from
    Mar,10 2024 I tried the Cheapest Arduino Alternative (that Nobody heard of)
    Mar,10 2024 This is the WEIRDEST PC I've ever seen.
    Mar,10 2024 Nvidia Retires GTX 16 Series, GDDR7 Arrives, FSR Upscaling Going AI?
    Mar,09 2024 The New BIOS Hack That Bypasses Every Antivirus
    Mar,09 2024 Microsoft says it hasn't been able to shake Russian state hackers
    Mar,09 2024 iOS 17.4, Out Today, Brings Transcripts to Apple Podcasts
    Mar,09 2024 Microsoft Kills Android-on-Windows
    Mar,08 2024 Don't Make These Common PC Building Mistakes!
    Mar,07 2024 Sydney Sweeney Gets Outcast By Her Hooters Co-Workers On 'SNL'
    Mar,07 2024 How A Journalist Uncovered America's Secret Doomsday Bunkers
    Mar,07 2024 Government Banning Hardware Wallets?
    Mar,07 2024 Xiaomi 14 Ultra Full Review: I prefer to call it '13S Ultra'
    Mar,05 2024 Windows Defender vs Ransomware 2024
    Mar,04 2024 I fixed this PCIe card with tape - I can't believe this worked...
    Mar,03 2024 Auto Change IP Address in every 3 Seconds - 100% ANONYMOUS
    Mar,03 2024 Liquid Cooling is Dead
    Mar,02 2024 This AAA Hedera Powered Game Could EXPLODE HBAR'S VALUE
    Mar,02 2024 Gaming on Starlink - 2024 Review and Tes
    Mar,01 2024 World's Fastest Camera Drone Vs F1 Car (ft. Max Verstappen)
    Feb,29 2024 Top 5 Best CPU Coolers 2024
    Feb,29 2024 Tangem vs Cypherock X1 Cold Wallet - Choose Wisely!
    Feb,29 2024 The All China PC
    Feb,28 2024 The NEW Legion 7i - A Game Changer
    >> News Archive <<

    TechAmok - Privacy Policy        loading time:0.01secs