Check Point Research, the threat intelligence arm of cyber security solutions provider Check Point Software Technologies Ltd, claims to have discovered a new mobile malware called 'Agent Smith.' This malware is said to replace existing installed apps with malicious versions without users’ knowledge or interaction. According to the firm, the malware, disguised as a Google-related application, has quietly infected around 25 million devices, including 15 million mobiles in India, by exploiting known Android vulnerabilities.
Check Point Research says that the malware currently accesses the resources of a device to show fraudulent ads for financial gain; however, it could easily be used for far more intrusive and harmful purposes, such as theft of banking credentials and eavesdropping. This activity resembles previous malware campaigns such as Gooligan, HummingBad and CopyCat.
“The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own. Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like Agent Smith,” Jonathan Shimonovich, Head of Mobile Threat Detection Research at Check Point Software Technologies, said in a statement.
The research firm blames users for this malware attack. It found that the Agent Smith malware was originally downloaded from the third-party app store 9Apps and that it mostly targeted Hindi-, Arabic-, Russian- and Indonesian-speaking users. The primary victims are reportedly based in India, though other Asian countries such as Pakistan and Bangladesh were also impacted. There has also been a noticeable number of infected devices in the UK, Australia and the US.
Recently, Check Point Research said that Emotet, the largest botnet that was in operation until recently, has been taken down. The researchers from the firm believe that Emotet’s infrastructure could be offline for maintenance and upgrade operations, and that if and when its servers are back up, it could have new and enhanced threat capabilities. Emotet has been around as a banking Trojan since 2014. Since 2018, however, it has been used primarily as a botnet in major malspam campaigns and to distribute other malware.
11/07/2019 01:42 PM