Updated:02:45 PM EDT Aug 08


this is ggmania.com subsite 25 million Android devices get infected - TechAmok

25 million Android devices get infected - [security]
06:32 PM EDT - Jul,10 2019 - (3 comments)

The name 'Agent Smith' is usually associated with the famed Matrix movie trilogy. However, it is now being used to identify a new variant of malware discovered by security provider Check Point Research. The firm reports that around 25 million Android devices have been infected by Agent Smith over the course of the last three years, and that the attackers behind the scenes may be looking to expand their reach. The malware is spread through 9Apps, a third-party apps store, and has targeted mainly Asian users; however, countries such as the U.S. and U.K. have had a high amount of device breaches as well. Essentially, the life cycle of the malware revolves around three phases that have been described in the following way:
  • 1) A dropper app lures victim to install itself voluntarily. The initial dropper has a weaponized Feng Shui Bundle as encrypted asset files. Dropper variants are usually barely functioning photo utility, games, or sex related apps.
  • 2) The dropper automatically decrypts and installs its core malware APK which later conducts malicious patching and app updates. The core malware is usually disguised as Google Updater, Google Update for U or com.google.vending. The core malware's icon is hidden.
  • 3) The core malware extracts the device's installed app list. If it finds apps on its prey list (hard-coded or sent from C&C server), it will extract the base APK of the target innocent app on the device, patch the APK with malicious ads modules, install the APK back and replace the original one as if it is an update.
  • To expand a bit upon each of these phases, 'droppers' are apps that imitate popular utilities while quietly installing malicious content on a device. The dropper variants deployed as part of this attack include a number of different applications that may attract users of all ages. These typically offer little to no functionality, but a one-time installation is all that's required to address a major phase of the attack - actually getting the malware on the target device. Moving on, the core module of a 'loader' that's additionally coded with the dropper gets installed, and begins searching the infected device for pre-determined popular apps. The pre-determined list of apps is obtained through contact with a command-and-control (C&C) server. The apps include some highly popular and widely-used ones, such as WhatsApp, ShareIt, MX Player, the Opera browser and more. The loader then works with various other modules to infect the legitimate applications with its own code. As a result of this alteration, Android's package manager is duped into considering the malicious files as an update for said applications. Throughout the following 'update' process, the malware disguises itself as a Google-related updating tool, thus not rousing users' suspicions. The breached apps, now carrying the malicious ad modules patched into their APKS, start displaying these ads as a replacement of in-app activity. Even if said app isn't specified in the pre-created list, the ads are simply shown on any activity that is being loaded at the time. Notably, 'Agent Smith' will continue to infect the same device multiple times, whenever the latest malicious patches are available.

    Based on its research, Check Point believes that a Chinese firm operating in the city of Guangzhou is the main culprit behind the attacks. The name of the company has been redacted from its publication, and information related to the attacks has been provided to law enforcement officials, as well as Google, to assist them in further investigation. Although this form of malware was initially only spread through 9Apps, the researchers discovered traces of the malicious actors looking to spread their system to Play Store applications as well. During the search, 11 Play Store apps were found to be connected to the attackers. However, Check Point does state that it has worked closely with Google to remove all of these from the Play Store. Google has not issued a public statement regarding the matter as of yet, though we'll keep you updated. For now, do make sure that you download your applications from a trustworthy app store, and be on the lookout for ads that may crop up at unusual times.

    last 10 comments:

    (11:58 AM EDT - Jun,02 2020) - jackyj
    thankyou for sharing online healing courses
    (11:58 AM EDT - Jun,02 2020) - jackyj
    (06:59 AM EDT - May,13 2020) - fazadoxe
    The recent news break about the technology that there are millions of devices who are infected during the security breach. All this news is covering by uk essays review who provides the authentic news on all the technology.

    Add your comment (free registrationrequired)

    Short overview of recent news articles

    Aug,08 2020 Apple Bans Game-Streaming Services From iOS
    Aug,08 2020 Horizon Zero Dawn Complete Edition Released
    Aug,08 2020 Intel Hit by a Devastating Data Breach, Chip Designs, Code
    Aug,06 2020 Intel will announce its Tiger Lake processors on September 2
    Aug,05 2020 Samsung Galaxy Note20 Ultra Ecosystem: Official Introduction
    Aug,05 2020 Galaxy Note20 Series Focuses on Video, Note-Taking
    Aug,05 2020 Samsung Galaxy Z Fold 2 Coming to Verizon, T-Mobile
    Aug,05 2020 Samsung Intros New Earbuds and Watch
    Aug,05 2020 AMD Radeon Adrenalin 2020 Edition 20.8.1 Driver
    Aug,04 2020 200 Watt car mounted laser!
    Aug,04 2020 A Large Explosion Took Place In Beirut
    Aug,04 2020 Xbox Cloud Gaming Launching on Android September 15th
    Aug,04 2020 Samsung's Most Affordable 5G Phone Hits US This Month
    Aug,03 2020 The Ultimate PS4 Pro: 8TB SSD Upgrade
    Aug,03 2020 Microsoft confirms its intention to buy TikTok
    Aug,02 2020 Teenage Bounty Hunters - Official Trailer
    Aug,02 2020 Watch 15-Year-Old's Short Film 'Numb'
    Aug,02 2020 //HEX Released
    Aug,01 2020 Microsoft won't open its physical offices until early 2021
    Aug,01 2020 Microsoft reportedly in talks to buy TikTok
    Aug,01 2020 NASA launches Perseverance rover on mission to Mars
    Jul,30 2020 Intel Overhauls its Corporate Identity
    Jul,30 2020 Google Offers New Free Backup Options for iOS and Android
    Jul,30 2020 Qualcomm Quick Charge 5 can Fully Charge Your Phone in Under 15
    Jul,28 2020 Intel Core i9-10850K Officialy Clocked At 5.2GHz
    Jul,28 2020 Samsung's Galaxy Watch 3 Explored
    Jul,27 2020 NVIDIA Releases Hotfix Driver Version 451.85
    Jul,26 2020 Windows 10's latest update bug is breaking internet
    Jul,24 2020 Newest Gorilla Glass Protects Against Both Drops and Scratches
    Jul,24 2020 Samsung Money Launches, Adds Exclusive Discounts
    Jul,24 2020 Avatar Sequels Delayed, New Release Dates Revealed
    Jul,21 2020 LG's Premium Velvet Launching in US for $600
    Jul,21 2020 10 modern layouts in 1 line of CSS
    Jul,20 2020 Windows 10X Delayed to 2021, Loses Win32 Support
    Jul,20 2020 Microsoft Cloud PC is Coming in Spring 2021
    Jul,20 2020 Samsung Galaxy Buds Live In-Ear 'Bean' Earbuds Leak On Video
    Jul,19 2020 Gamer Girl - Official Teaser Trailer (2020)
    Jul,17 2020 Why do Casio calculators get this wrong?
    Jul,17 2020 This is The Deepest Hole on Earth. What's At The Bottom?
    Jul,17 2020 Facebook Messenger Adds Screen Sharing
    >> News Archive <<

    TechAmok - Privacy Policy        loading time:0.01secs