25 million Android user infected with malware attack on WhatsApp

25 million Android user infected with malware attack on WhatsApp

Technology

Up to 25 million Android phones have been attacked by malware that replaces installed applications like WhatsApp with malignant versions that display ads, cybersecurity researchers warned on Wednesday.

By Miami Daily Newspaper

Nicknamed Agent Smith, the malware abuses the previously known weaknesses in the Android operating system, which makes upgrading to the latest patched version of the Google operating system a priority, said Israeli security company Check Point.

The majority of the victims are in India, where up to 15 million are infected. But there are more than 300,000 in the US, with another 137,000 in the UK, which makes this one of the most serious threats that have affected Google’s operating system in recent memory.

The malware has been spread through an application store 9apps.com, owned by the Chinese company Alibaba, instead of the official Google Play store. Typically, these non-Google Play attacks are focused on developing countries, which makes the success of hackers in the US and the United Kingdom is more remarkable, said Check Point.

While the replaced applications will show malicious ads, whoever is behind the hacks could make it worse, Check Point warned in a blog post. “Because of its ability to hide its launcher icon and embody any popular application existing on a device, there are endless possibilities for this type of malware to damage a user’s device,” the researchers wrote.

They said they had warned Google and the relevant law enforcement agencies. Google had not provided comments at the time of publication.

Normally the attack works in the following way: users download an application from the store – photo apps, games or themed apps for adults (a so-called Kiss Game): Touch Her Heart is announced with a cartoon of a man kissing a scarcely dressed woman). This application silently installs malware, disguised as a legitimate tool from a Google update. There is no icon for it on the screen, which makes it even more private. Legitimate applications are replaced by an erroneous update for fake advertisements to work. The researchers said that the ads themselves were not malicious per se. But in a typical advertising fraud scheme, every click on an ad will send money to hackers, according to the pay-per-click system.