Devices in Singapore were hit by malware which secretly replaces apps with malicious versions

A dangerous new mobile malware named after The Matrix’s main villain has infiltrated more than 25 million Android devices around the world – and more than 6,000 in Singapore, a report has revealed.

On Thursday (July 11), cybersecurity software company Check Point Software Technologies’ research arm (Check Point Research) said in a news release that the malware – dubbed “Agent Smith” – automatically replaces installed apps with “malicious” versions without the user’s knowledge.

The dubious software stealthily does this by disguising itself as a Google-related app and exploiting known Android operating system vulnerabilities.

Image: Google Play Store apps which were reportedly found to be affected by Agent Smith malware. (Credit: Check Point Research)

Singapore least affected in SEA, India worst-hit globally

Nearly one million devices in Southeast Asia fell victim to the trickery and were “quietly” infected, according to Check Point Research. Although 6,257 devices in Singapore were found to be hit with Agent Smith, this statistic was far from the worst.

Indonesia, which was the most affected country in the region, had 572,025 devices affected by the malware while India had more than 15 million infected devices and over 2 billion infection events – the highest in the world.

Image: The top 10 countries with the highest number of Agent Smith infections. (Credit: Check Point Research)

Other Southeast Asian countries that were affected include the Philippines (226,701), Malaysia (55,647), Thailand (52,848) and Vietnam (32,916). Singapore was observed to have the fewest attacks in the region.

What does Agent Smith do?

Check Point Research noted that Agent Smith currently uses “broad access” to the devices’ resources to display fraudulent advertisements for financial gain. However, the team said the software “could easily be used for far more intrusive and harmful purposes”, such as stealing banking credentials and eavesdropping.

Image: Agent Smith’s flow of attack as portrayed by Check Point Research. (Credit: Check Point Research)

It added that the activity resembles previous malware campaigns like Gooligan, Hummingbad and CopyCat.

Check Point Software Technologies’ head of mobile threat detection research, Jonathan Shimonovich, said: “The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own.”

He added that the best protection against invasive mobile malware attacks from the likes of Agent Smith would be to combine advanced threat prevention and threat intelligence while adopting a “hygiene first” approach to safeguard digital assets.

Users are also advised to download apps only from trusted app stores to lower their exposure to infection, as third-party stores would typically lack the necessary security measures to block adware-loaded apps, Shimonovich said.

Indiscriminate infections

According to Check Point Research’s online blog, Agent Smith started proliferating through the widely used third-party app store “9Apps”, and targeted mainly Hindi-, Arabic-, Russian- and Indonesian-speaking users.

Although primary victims were observed to be mostly based in India (59 per cent), the research team said that unlike previously seen malware campaigns that did not involve Google Play and affected mostly developing countries, Agent Smith had a “significant impact” on developed nations – where Google Play is “readily available” – as well.

These include the US which saw approximately 303,000 infections, Saudi Arabia (245,000), Australia (141,000) and the UK (137,000).

Image: A world infection heat map showing the hotspots of Agent Smith attacks. The highest number of infections was observed in India. (Credit: Check Point Research)

Check Point added that it has submitted data to Google and law enforcement units to facilitate further investigation. At the time of publishing the report, no malicious apps were found to remain on the Google Play Store, it said.
