Updated:04:52 PM EDT Aug 20


this is ggmania.com subsite 25 million Android devices get infected - TechAmok

TOP STORIES

HEADLINES

Windows 10 20H1 major improvements revealed
Slipknot - Gun Cover!
10-Second Video Of A Mom Embarrassing Her Daughter
Lock Picker Bypasses Popular Security System With $2 Device
NVIDIA Issues Warning to Upgrade Drivers Due to Security Patches
20 Awesome Tricks with WD-40
Slipknot - Solway Firth [OFFICIAL VIDEO]
Japan-Korea Trade Spat and Toshiba Blackout Hike DRAM Prices by 20%
3 FROM HELL Official Trailer (2019) Rob Zombies, Horror Movie
25 million Android devices get infected
Ryzen 9 3900X & Ryzen 7 3700X Review
3-Second Video Of A Cat Jumping Over A Gate
Emily Ratajkowski Dancing GIF
Fast & Furious Presents: Hobbs & Shaw - Final Trailer
Intel to Cut Prices of its Desktop Processors by 15%
Succubus Trailer
DXR Tech Demo
Terminator: Dark Fate - Official Teaser Trailer (2019)

A Dude Getting Pranked By Skillful Turkish Ice Cream Scooper
Why Jurassic Park Looks Better Than Its Sequels
Microsoft App Brings Spam Filter, AI Sorting to Your Text Messages
Apple is planning to launch Apple TV+ by November at $9.99 per month
Apple Card is now available + 3% cash back for Uber / Uber Food
WD announces a 12TB external HDD
NVIDIA GeForce 436.02 WHQL driver
Marvel's Avengers Gameplay Video
Modern Warfare - Official GeForce RTX Ray Tracing Reveal Trailer
Madison Beer Staring Into The Camera
Google Drive will introduce long-asked-for file shortcuts feature
New Attack exploiting serious Bluetooth weakness
YouTube Originals will be free beginning Sept 24 to non-paying users
Dave Chappelle Netflix Standup Comedy Special Trailer
Botanist Rescues Abandoned Coyote Pup
Apple reportedly locking out unauthorized battery replacement
Certified Drivers Apparently Unsafe
AA tells airlines MacBook Pros with defective batteries can't fly

25 million Android devices get infected - [security]
06:32 PM EDT - Jul,10 2019 - post a comment

The name 'Agent Smith' is usually associated with the famed Matrix movie trilogy. However, it is now being used to identify a new variant of malware discovered by security provider Check Point Research. The firm reports that around 25 million Android devices have been infected by Agent Smith over the course of the last three years, and that the attackers behind the scenes may be looking to expand their reach. The malware is spread through 9Apps, a third-party apps store, and has targeted mainly Asian users; however, countries such as the U.S. and U.K. have had a high amount of device breaches as well. Essentially, the life cycle of the malware revolves around three phases that have been described in the following way:
  • 1) A dropper app lures victim to install itself voluntarily. The initial dropper has a weaponized Feng Shui Bundle as encrypted asset files. Dropper variants are usually barely functioning photo utility, games, or sex related apps.
  • 2) The dropper automatically decrypts and installs its core malware APK which later conducts malicious patching and app updates. The core malware is usually disguised as Google Updater, Google Update for U or “com.google.vending”. The core malware's icon is hidden.
  • 3) The core malware extracts the device's installed app list. If it finds apps on its prey list (hard-coded or sent from C&C server), it will extract the base APK of the target innocent app on the device, patch the APK with malicious ads modules, install the APK back and replace the original one as if it is an update.
  • To expand a bit upon each of these phases, 'droppers' are apps that imitate popular utilities while quietly installing malicious content on a device. The dropper variants deployed as part of this attack include a number of different applications that may attract users of all ages. These typically offer little to no functionality, but a one-time installation is all that's required to address a major phase of the attack - actually getting the malware on the target device. Moving on, the core module of a 'loader' that's additionally coded with the dropper gets installed, and begins searching the infected device for pre-determined popular apps. The pre-determined list of apps is obtained through contact with a command-and-control (C&C) server. The apps include some highly popular and widely-used ones, such as WhatsApp, ShareIt, MX Player, the Opera browser and more. The loader then works with various other modules to infect the legitimate applications with its own code. As a result of this alteration, Android's package manager is duped into considering the malicious files as an update for said applications. Throughout the following 'update' process, the malware disguises itself as a Google-related updating tool, thus not rousing users' suspicions. The breached apps, now carrying the malicious ad modules patched into their APKS, start displaying these ads as a replacement of in-app activity. Even if said app isn't specified in the pre-created list, the ads are simply shown on any activity that is being loaded at the time. Notably, 'Agent Smith' will continue to infect the same device multiple times, whenever the latest malicious patches are available.

    Based on its research, Check Point believes that a Chinese firm operating in the city of Guangzhou is the main culprit behind the attacks. The name of the company has been redacted from its publication, and information related to the attacks has been provided to law enforcement officials, as well as Google, to assist them in further investigation. Although this form of malware was initially only spread through 9Apps, the researchers discovered traces of the malicious actors looking to spread their system to Play Store applications as well. During the search, 11 Play Store apps were found to be connected to the attackers. However, Check Point does state that it has worked closely with Google to remove all of these from the Play Store. Google has not issued a public statement regarding the matter as of yet, though we'll keep you updated. For now, do make sure that you download your applications from a trustworthy app store, and be on the lookout for ads that may crop up at unusual times.


    Add your comment (free registrationrequired)

    Short overview of recent news articles

    Aug,20 2019 A Dude Getting Pranked By Skillful Turkish Ice Cream Scooper
    Aug,20 2019 Why Jurassic Park Looks Better Than Its Sequels
    Aug,20 2019 Microsoft App Brings Spam Filter, AI Sorting to Your Text Messages
    Aug,20 2019 Apple is planning to launch Apple TV+ by November at $9.99 per month
    Aug,20 2019 Apple Card is now available + 3% cash back for Uber / Uber Food
    Aug,20 2019 WD announces a 12TB external HDD
    Aug,20 2019 NVIDIA GeForce 436.02 WHQL driver
    Aug,20 2019 Marvel's Avengers Gameplay Video
    Aug,19 2019 Modern Warfare - Official GeForce RTX Ray Tracing Reveal Trailer
    Aug,19 2019 Madison Beer Staring Into The Camera
    Aug,18 2019 Google Drive will introduce long-asked-for file shortcuts feature
    Aug,18 2019 New Attack exploiting serious Bluetooth weakness
    Aug,17 2019 YouTube Originals will be free beginning Sept 24 to non-paying users
    Aug,16 2019 Dave Chappelle Netflix Standup Comedy Special Trailer
    Aug,16 2019 Botanist Rescues Abandoned Coyote Pup
    Aug,16 2019 Apple reportedly locking out unauthorized battery replacement
    Aug,16 2019 Certified Drivers Apparently Unsafe
    Aug,15 2019 AA tells airlines MacBook Pros with defective batteries can't fly
    >> News Archive <<

    TechAmok - Privacy Policy        loading time:0.01secs