Hackers are trying to replace real apps, like WhatsApp, with ad-serving fake versions, a cybersecurity company has warned.
Cybersecurity researchers warned Wednesday that as many as 25 million Android phones have been hit with malware that replaces installed apps like WhatsApp with evil versions that serve up adverts.
Dubbed Agent Smith, the malware abuses previously-known weaknesses in the Android operating system, making updating to the latest, patched version of Google's operating system a priority, Israeli security company Check Point said.
Most victims are based in India, where as many as 15 million were infected. But there are more than 300,000 in the U.S., with another 137,000 in the U.K., making this one of the more severe threats to have hit Google's operating system in recent memory.
The malware has spread via a third-party app store, 9apps.com, which is owned by China’s Alibaba, rather than the official Google Play store. Typically, such non-Google Play attacks focus on developing countries, making the hackers' success in the U.S. and the U.K. more remarkable, Check Point said.
"Due to its ability to hide its icon from the launcher and impersonate any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device," the researchers wrote in a blog post.
They said they’d warned Google and the relevant law enforcement agencies. Google hadn't provided comment at the time of publication.
The Check Point researchers said they'd found 11 apps on Google's store that contained a "dormant" piece of the hackers' software. Google swiftly took those apps down.
Check Point believes an unnamed Chinese company based in Guangzhou has been building the malware, whilst operating a business that helps Chinese Android developers promote their apps on overseas platforms.
Check Point said that if users experience advertisements displayed at odd times, such as when they open WhatsApp, they should take action. The legitimate WhatsApp, of course, does not serve ads.
First, go to Android settings, then the apps and notifications section. Next, go to the app info list and look for suspicious applications with names like Google Updater, Google Installer for U, Google Powers and Google Installer. Click into the suspicious application and choose to uninstall it.