A dangerous new mobile malware named after The Matrix’s main villain has infiltrated more than 25 million Android devices around the world – and Malaysia was among the worst-hit in Southeast Asia, a report has revealed.
On Thursday (July 11), cybersecurity software company Check Point Software Technologies’ research arm (Check Point Research) said in a news release that the malware – dubbed “Agent Smith” – automatically replaces installed apps with “malicious” versions without the user’s knowledge.
The dubious software stealthily does this by disguising itself as a Google-related app and exploiting known Android operating system vulnerabilities.
Malaysia has third-highest number of infections in SEA
Nearly one million devices in Southeast Asia fell victim to the trickery and were “quietly” infected, according to Check Point Research. In Malaysia, 55,647 devices were reported to have been attacked by Agent Smith, making it the third highest in the region.
Indonesia, which was the most affected country in the region, had 572,025 devices affected by the malware – 10 times Malaysia’s figure. India, however, had more than 15 million infected devices and over 2 billion infection events – the highest in the world.
Other Southeast Asian countries that were affected include the Philippines (226,701), Malaysia (55,647), Thailand (52,848), Vietnam (32,916) and Singapore (6,257).
What does Agent Smith do?
Check Point Research noted that Agent Smith currently uses “broad access” to the devices’ resources to display fraudulent advertisements for financial gain. However, the team said the software “could easily be used for far more intrusive and harmful purposes”, such as stealing banking credentials and eavesdropping.
It added that the activity resembles previous malware campaigns like Gooligan, Hummingbad and CopyCat.
Check Point Software Technologies’ head of mobile threat detection research, Jonathan Shimonovich, said: “The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own.”
He added that the best protection against invasive mobile malware attacks from the likes of Agent Smith would be to combine advanced threat prevention and threat intelligence while adopting a “hygiene first” approach to safeguard digital assets.
Users are also advised to only perform downloads on trusted app stores to lower their exposure to infection, as third-party stores would typically lack the necessary security measures to block adware-loaded apps, Shimonovich said.
According to Check Point Research’s online blog, Agent Smith started proliferating through the widely used third-party app store “9Apps”, and targeted mainly Hindi-, Arabic-, Russian- and Indonesian-speaking users.
Although primary victims were observed to be mostly based in India (59 per cent), the research team said that unlike previously seen malware campaigns that did not involve Google Play and affected mostly developing countries, Agent Smith had a “significant impact” on developed nations as well, where Google Play is “readily available”.
These include the US which saw approximately 303,000 infections, Saudi Arabia (245,000), Australia (141,000) and the UK (137,000).
Check Point added that it has submitted data to Google and law enforcement units to facilitate further investigation. At the time of publishing the report, no malicious apps were found to remain on the Google Play Store, it said.