WhatsApp under new malware attack, over 1.5 million users affected in India
New Delhi : If you are getting an ad popping out when you open your WhatsApp on smart devices then you may be under the attack of malware called 'Agent Smith'.
According to a news report, the malware has already affected 2.5 crore devices with 1.5 crores in India. Even in US, more than 3 lakh users have been affected, making it one of the worst attacks on Android operating system in the recent memory.
The malware has been named 'Agent Smith', based on its capabilities to attack Android devices without even being noticed. So far, it is known for only showing ads on the social networks and it is not found to be stealing the mobile data.
According to the Israeli security firm, Check Point, the malware is "disguised as a Google-related application, and exploits known Android vulnerabilities and automatically replaces installed apps with malicious versions without users' knowledge or interaction."
The malware uses its broad access to the devices' resources to show fraudulent ads for financial gain, but could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping. This activity resembles previous malware campaigns such as Gooligan, Hummingbad and CopyCat, Check Point added.
How Agent Smith malware attacks Android Phones?
The malware gets injected when a user downloads an app from a third party app store. The app installs the malware, masked as a legitimate Google updating tool. The installed app does not show off an icon on the screen. The legitimate apps like WhatsApp are then altered and replaced with an malicious update which then serve ads.
Malware has spread as several users give official Google Ply Store a miss and download apps from third party app stores like 9apps.com. It is targeted at mostly Hindi, Arabic, Russian, Indonesian speaking users.
"So far, the primary victims are based in India though other Asian countries such as Pakistan and Bangladesh have also been impacted. There has also been a noticeable number of infected devices in the United Kingdom, Australia and the United States," said Check Point.
