0
1
Researchers discovered a new Android malware called “Agent Smith” that infects nearly 25 million mobile users around the globe without letting users know about the malicious activities.
Agent Smith malware activities have a similar appearance of previously reported malware campaigns such as Gooligan, HummingBad, and CopyCat.
Malware posed as a legitimate Google app and takes advantage of the known vulnerabilities to exploit the device and replacing the already installed apps with its malicious version without any form of users interaction.
The ultimate motivation of the threat actors behind Agent Smith Malware is to push the malicious advertisements and harm the device to steal the bank credentials and other forms of financial gain.
Threat actors behind this Agent smith primary targets are India though other Asian countries such as Pakistan and Bangladesh.
Since Android keeps on securing its environment by applying frequent security patches, threats actors continue to develop the sophisticated infection chains to finding the new loopholes.
Infection Landscape
“Agent Smith” seems to be the first malware that using new loopholes, such as Janus, Bundle and Man-in-the-Disk, to achieve a 3-stage infection chain and build a botnet of compromised devices.
Agent Smith is not just infecting the single app in the targeted device, but it keeps on checking all the apps which are in the targeted list and it does the same until it finds the pre-listed apps.
Researchers estimated that the malware-infected over 2.8 billion times with 25 Million unique devices and its abuses 9Apps market using 360 different dropper variants.
There are 5 most infectious droppers that listed below were found in the list and these droppers alone have been downloaded more than 7.8 million.
Source: gbhackers.com
