A new strain of Android malware has infected 25 million devices021 Archivesmodified legitimate apps with a malicious ads module, according to a report by the security company Check Point.
It's believed the malware originated from a Chinese internet company that helps Chinese Android developers publish and promote their apps in foreign markets. The malware was disguised as Google-related updaters and "vending modules," which hid its own app icons and automatically replaced already-installed legitimate apps with its own version without the user knowing. This lead the researchers to name the malware "Agent Smith" because its behavior is similar to the character in the film The Matrixof the same name.
The malware first appeared in popular third-party app store 9Apps and targeted mostly Indian, Pakistani and Bangladeshi users. However, of the 25 million affected devices, 303,000 infections were detected in the US, and 137,000 in the UK.
Apps that were modified include WhatsApp, Opera Mini, Flipkart, as well as software from Lenovo and Swiftkey. The malware detected which apps were installed, patched them with a malicious ads modules, and then re-installed them on the device. For the user, it simply looks like the app is being updated as expected. Once the update is complete, the owner of the malware can then profit from the newly included ads.
Check Point believes the same malware could also be used for more malicious purposes such as credit card theft, with the company's report stating, "due to [the malware's] ability to hide its icon from the launcher and impersonates any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user's device."
The security firm says they submitted data to Google and law enforcement agencies, and as of publishing no malicious apps remain on the Play Store. Nevertheless, the malware managed to survive for as long as it did because, despite the original vulnerability Agent Smith was based on being patched in Android years ago, developers did not sufficiently update their applications.
Malware like this, "requires attention and action from system developers, device manufacturers, app developers, and users, so that vulnerability fixes are patched, distributed, adopted and installed in time," Check Point says.
Topics Android Cybersecurity
Nvidia Pascal Goes Mobile: GeForce GTX 1080, 1070 & 1060 Preview
Today's Hurdle hints and answers for May 28, 2025
Best Sonos deal: Save $120 on the Sonos Ace at Amazon
Sinner vs. Gasquet 2025 livestream: Watch French Open for free
Best robot vacuum deal from the Amazon Big Spring Sale
Bluetti Solar Generator Elite 200 V2 deal: Get $800 off
OpenAI explores 'sign in with ChatGPT' for other apps
Apple launches a self
Nvidia Pascal Goes Mobile: GeForce GTX 1080, 1070 & 1060 Preview
Texas imposes strict new age verification law. Teen social media ban could be next.
'Severance' Reddit theory may have answered the 'Cold Harbor' mystery
Wordle today: The answer and hints for May 29, 2025
Keys vs. Boulter 2025 livestream: Watch French Open for free
Best Garmin deal: Get $50 off the Garmin Forerunner 165 at Amazon
New Zealand will ban plastic bags for good
Shop Popsocket's new Kick
Best controller deal: Save up to 27% on a PlayStation DualSense wireless controller
Best Kindle deal: Save $60 on Kindle Scribe Essentials Bundle
2025 Oscar winners: See the full list
Best Fire Stick deal: Save $15 on Amazon Fire Stick HD
Philosophy of Teenagers by Sadie SteinStory Stamps, and Other News by Sadie SteinWhat We’re Loving: Piano Rats, Black Flag, Bolaño by The Paris ReviewJosh Segarra is 'The Other Two's ultimate hype manWhat We’re Loving: George Packer, Joe Carstairs, Nick Laird by The Paris ReviewHow to get into swinging: A beginner's guideThe Town of Books by Sadie SteinYou’re Saying It Wrong by Sadie SteinFighting Words by Sadie SteinArnold Schwarzenegger's childhood tale ties Trump fervor to NazismTikTok Now, the BeReal clone you never used, is being discontinuedThe Dogs of Men and War: Charlie Newman and His Lost Novel by Alexander Nazaryan3 Stories of God: 79, 80, and 93How to protect yourself from Canada wildfire smokeThe Knight’s Tale, and Other News by Sadie SteinThe internet celebrates Trump's Twitter suspension with snarky memesRecovering Muriel Rukeyser’s Savage Coast by Rowena Kennedy'Quordle' today: See each 'Quordle' answer and hints for June 28'Stardew Valley' launches on Apple Arcade in July1 Story of God: 71 by Joy Williams Olivia Munn is paying a price for her bravery and it's so very wrong Fox cuts 'Predator' scene after learning actor is a sex offender 'Doctor Strange in the Multiverse of Madness' mid Coinbase launches NFT marketplace to the public, resulting in only 150 transactions on day one 'Doctor Strange in the Multiverse of Madness's Illuminati explained Colin Kaepernick's Nike ad is naturally a meme now — and even Don Jr. is getting in on it Two Wordle answers today: NY Times switches out word Was Vanilla Ice on that quarantined plane? An investigation. #PlaidShirtGuy and his facial expressions go viral during Trump rally Ultimate dad Barack Obama accidentally plays matchmaker at campaign event Ambulance officers lauded for granting dying man's wish for a sundae Trump insider who wrote anonymous op No one memes like Gaston... and now you'll never get that song out of your head 'Wordle' today: Here's the answer, hints for May 11 WhatsApp increases group size to 512 people and file size to 2GB Hear Donald Trump struggle to pronounce the word 'anonymous' Peacock's 'Girls5eva' Season 2 is bursting with bops and bits 'Wordle' today: Here's the answer, hints for May 9 People are getting roasted for their hilariously ineffective Nike protests 'The Staircase' review: Exploitative true crime at its best and worst