Malware attacks aren't uncommon, but their persistence is disturbing given the technological advancements we've been making over the years. Every time a loophole is shut, hackers find another way to break in, putting millions at risk. The latest one making headlines has a dramatic name, and it poses a significant risk to over 1.5 crore Android smartphones in India.
The malware's stealthy operation makes it hard to detect, which earned it the nickname "Agent Smith." According to Israel-based cyber-security firm Check Point, the malware is "disguised as a Google-related application, and exploits known Android vulnerabilities and automatically replaces installed apps with malicious versions without users' knowledge or interaction." So far, there is no evidence of it stealing any data, but malware residing on your smartphone with deep access cannot be trusted.
According to the report, Agent Smith displays fraudulent ads for financial gain. But the extent of the malware's reach means it could be used for more harmful purposes, such as retrieving banking credentials or even spying.
How does Agent Smith malware work?
Agent Smith malware relies heavily on third-party app stores. It deceives unsuspecting users by disguising itself as a legitimate Google updating tool. When a user installs an app from a third-party store, in this case Alibaba-owned 9apps.com, the malware is injected without showing any icon of its own on the screen; only the app the user installed is visible. Once the device is infected, the malware can alter and replace legitimate apps such as WhatsApp, Hotstar and Jio apps with a malicious update.
"Due to its ability to hide its icon from the launcher and impersonate any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user's device," the researchers wrote.
The easiest tell: if your WhatsApp is showing ads, the device is infected by Agent Smith malware. WhatsApp is planning to show ads in Status, but the ads shown by the malware are different from those and are fraudulent. They don't seem malicious in the sense of stealing your data, but hackers make money from them through the pay-per-click system.
As dangerous as the infection sounds, especially considering the data we store on our phones these days, there's no reason to panic. First things first, go to the list of applications on your phone, not just on the home screen but on the Settings > Apps page. Go through all the apps, look for suspicious ones with names like Google Updater, Google Installer for U, Google Powers and Google Installer, and uninstall them.
It's also worth pointing out that the malware can only infect your phone if an app is downloaded from a third-party app store. As long as you can stay away from unofficial app stores, you are good to go.