
25 million Android devices get infected - [security]
06:32 PM EDT - Jul 10, 2019

The name 'Agent Smith' is usually associated with the famed Matrix movie trilogy. However, it is now being used to identify a new variant of malware discovered by security provider Check Point Research. The firm reports that around 25 million Android devices have been infected by Agent Smith over the course of the last three years, and that the attackers behind the scenes may be looking to expand their reach. The malware is spread through 9Apps, a third-party apps store, and has targeted mainly Asian users; however, countries such as the U.S. and U.K. have had a high amount of device breaches as well. Essentially, the life cycle of the malware revolves around three phases that have been described in the following way:
1. A dropper app lures the victim into installing it voluntarily. The initial dropper carries a weaponized Feng Shui Bundle as encrypted asset files. Dropper variants are usually barely functioning photo utilities, games, or sex-related apps.
2. The dropper automatically decrypts and installs its core malware APK, which later conducts malicious patching and app updates. The core malware is usually disguised as Google Updater, Google Update for U or com.google.vending. The core malware's icon is hidden.
3. The core malware extracts the device's installed app list. If it finds apps on its prey list (hard-coded or sent from the C&C server), it extracts the base APK of the targeted innocent app on the device, patches the APK with malicious ad modules, installs the APK back and replaces the original one as if it were an update.

To expand a bit on each of these phases, 'droppers' are apps that imitate popular utilities while quietly installing malicious content on a device. The dropper variants deployed as part of this attack include a number of different applications that may attract users of all ages. These typically offer little to no functionality, but a one-time installation is all that's required to complete a major phase of the attack - actually getting the malware onto the target device. Next, the core 'loader' module bundled with the dropper is installed and begins searching the infected device for pre-determined popular apps. The pre-determined list of apps is obtained through contact with a command-and-control (C&C) server. The apps include some highly popular and widely used ones, such as WhatsApp, ShareIt, MX Player, the Opera browser and more. The loader then works with various other modules to infect the legitimate applications with its own code. As a result of this alteration, Android's package manager is duped into treating the malicious files as an update for said applications. Throughout the following 'update' process, the malware disguises itself as a Google-related updating tool, so as not to rouse users' suspicions. The breached apps, now carrying the malicious ad modules patched into their APKs, start displaying these ads in place of in-app activity. Even if an app isn't specified in the pre-created list, the ads are simply shown on whatever activity is being loaded at the time. Notably, 'Agent Smith' will continue to re-infect the same device whenever new malicious patches become available.
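To show what the three phases look like from the defender's side, here is an added triage script (not Check Point's tooling and not part of the original article) that runs the article's indicators over a package inventory: the disguise names reported for the hidden core module, a hidden launcher icon from a non-store installer, and a targeted app whose signing certificate no longer matches a known-good baseline, which is what a patched APK reinstalled "as an update" would produce. The inventory, the baseline and every fingerprint value are constructed placeholders; the installer and package identifiers are assumptions.

```python
"""Triage an Android package inventory for Agent Smith-style indicators.

Added example only. Every fingerprint below is a constructed placeholder;
a real run would feed `adb shell pm` / MDM inventory output into the same checks.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

GOOGLE_SIGNER = "sha256:GOOGLE-PLACEHOLDER"          # constructed, stands in for Google's cert
BASELINE_SIGNERS = {                                  # constructed expected signer per targeted app
    "com.whatsapp": "sha256:WHATSAPP-PLACEHOLDER",
    "com.opera.browser": "sha256:OPERA-PLACEHOLDER",
}
# Names the article reports the hidden core module using to pose as Google software.
DISGUISES = {"com.google.vending", "google updater", "google update for u"}
TRUSTED_INSTALLERS = {"com.android.vending"}          # assumption: only the Play Store is trusted

@dataclass
class Pkg:
    name: str
    label: str
    signer: str
    installer: Optional[str]          # None means sideloaded / third-party store
    has_launcher_icon: bool = True

def triage(inventory: List[Pkg], baseline=BASELINE_SIGNERS) -> List[Tuple[str, str]]:
    """Return (package, reason) pairs that deserve a closer look."""
    findings = []
    for p in inventory:
        name, label = p.name.lower(), p.label.lower()
        if name in DISGUISES or label in DISGUISES:
            findings.append((p.name, "disguise name reported for the hidden core module"))
        elif "google" in label and p.signer != GOOGLE_SIGNER:
            findings.append((p.name, "Google-branded label with a non-Google signer"))
        if not p.has_launcher_icon and p.installer not in TRUSTED_INSTALLERS:
            findings.append((p.name, "hidden icon installed from an untrusted source"))
        expected = baseline.get(p.name)
        if expected and p.signer != expected:
            findings.append((p.name, "signer differs from baseline: possible patched APK reinstalled as an update"))
    return findings

# Constructed sample inventory: one clean target, one re-signed target, one disguised core module.
SAMPLE_INVENTORY = [
    Pkg("com.whatsapp", "WhatsApp", "sha256:WHATSAPP-PLACEHOLDER", "com.android.vending"),
    Pkg("com.opera.browser", "Opera", "sha256:UNKNOWN-PLACEHOLDER", None),
    Pkg("com.google.vending", "Google Updater", "sha256:UNKNOWN-PLACEHOLDER", None, False),
    Pkg("com.android.vending", "Google Play Store", GOOGLE_SIGNER, None),
]

if __name__ == "__main__":
    for pkg, reason in triage(SAMPLE_INVENTORY):
        print(f"{pkg}: {reason}")
```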

Based on its research, Check Point believes that a Chinese firm operating in the city of Guangzhou is the main culprit behind the attacks. The name of the company has been redacted from its publication, and information related to the attacks has been provided to law enforcement officials, as well as Google, to assist them in further investigation. Although this form of malware was initially only spread through 9Apps, the researchers discovered traces of the malicious actors looking to spread their system to Play Store applications as well. During the search, 11 Play Store apps were found to be connected to the attackers. However, Check Point does state that it has worked closely with Google to remove all of these from the Play Store. Google has not issued a public statement regarding the matter as of yet, though we'll keep you updated. For now, do make sure that you download your applications from a trustworthy app store, and be on the lookout for ads that may crop up at unusual times.
