According to Check Point researchers, attackers are distributing a new kind of Android malware that disguises itself as innocent-looking photo editing, adult entertainment, or gaming apps and is available through commonly used third-party app stores.
The main victims so far are based in India, although other Asian nations like Pakistan and Bangladesh are also affected, as is a significant number of devices in the UK, Australia and the US.
What Does “Agent Smith” Do?
According to Check Point researchers:
In the first stage, the attacker lures users into downloading a dropper application from an app store such as 9Apps. These droppers are usually disguised as free games, utility apps or adult entertainment apps, yet they contain an encrypted malicious payload. The dropper then checks whether any popular apps from the attacker's pre-determined list, such as WhatsApp, MXplayer, ShareIt and more, are installed on the device. If any targeted app is found, "Agent Smith" will attack those innocent apps at a later stage.
In the second stage, after the dropper gains a foothold on the victim's device, it automatically decrypts the malicious payload into its original form: an APK (Android installation file) that serves as the core component of the "Agent Smith" attack. The dropper then abuses several known system vulnerabilities to install the core malware without any user interaction.
In the third stage, the core malware attacks each app installed on the device that appears on its target list. It quietly extracts the APK file of a given innocent app, patches it with additional malicious modules and ultimately abuses another set of system vulnerabilities to silently replace the innocent version with a malicious one.
How to stay safe
To keep your Android phone safe from viruses, malware, trojans, adware and similar threats, stop downloading apps from other sources and stop installing apps shared through offline methods. Use the Play Store as your primary download source.