Android Malware Disguised In WhatsApp Targets 25 Million Phones



Cyber security experts reported on Wednesday that malware which replaces applications like WhatsApp with malicious versions that display ads has affected 25 million Android devices, according to a report by Forbes.

The malware, dubbed Agent Smith, abuses previously known weaknesses in the Android operating system, which makes upgrading to Google’s latest patched OS version a priority, Israeli security firm Check Point stated.

The majority of the victims are in India, where up to 15 million devices have been infected. But there are also over 300,000 affected people in the United States and another 137,000 in the United Kingdom. This makes it one of the most severe threats to Google’s OS.

The malware is distributed through a third-party app store that is not the official Google Play store and is owned by China’s Alibaba. Usually, such non-Google Play attacks target developing nations, which makes the hackers’ success in the US and the UK more noteworthy.

While the substituted applications serve malicious advertisements, whoever is behind them could do worse, Check Point warns in a blog post. “Due to its ability to hide its icon from the launcher and impersonate any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device,” the researchers wrote.

They said that Google and the relevant law enforcement agencies were being informed.

Users typically download an app from the store, usually a photo-editing tool, a game or an adult-themed application (one called Kiss Game: Touch Her Heart is advertised with a person kissing a scantily clad woman). This app then quietly installs the malware, disguised as a legitimate Google update tool. No icon for it appears on the screen, which makes it even harder to notice. Legitimate apps, from WhatsApp to Opera and more, are then replaced through a bogus update so that they serve the malicious advertisements. The researchers said the ads were not malicious in and of themselves. Yet in a typical ad fraud scheme, every click on an injected ad sends money back to the hackers, as in a conventional pay-per-click system.

There are some indications that the attackers plan to move to Google Play. Researchers from Check Point said that they discovered 11 apps on Google Play containing a “dormant” component of the hackers’ software. These applications were quickly taken down by Google.

Check Point believes that an unnamed Chinese company in Guangzhou built the malware while also running a business that supports the development of Chinese Android applications on foreign platforms.

What can you do to avoid this attack?

Aviran Hazum, Head of Cyber Analysis and Response at Check Point, said that if users see advertisements displayed at unusual moments, such as when opening WhatsApp, they must act. The legitimate WhatsApp does not show advertisements.

First, go to Android settings, then to the apps and notifications section. Next, look for suspect apps with names such as Google Updater, Google Installer for U, Google Powers and Google Installer. Tap the suspect app and uninstall it.

Otherwise, it could help to stay away from unofficial Android app stores, since Google’s additional protections are intended to prevent malware. Google’s efforts don’t always pay off, though. Earlier this week, a warning was issued about malware on Google Play that recorded bank users’ sessions.
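For anyone checking more than one phone, the manual search for the suspect app names and the advice about unofficial app stores can be combined into a small triage script. This is an added example, not code from Check Point or the original article; the `label|package|installer` inventory format and the `com.example.*` package names are assumptions made for illustration.

```python
# Added example: triage an app inventory for the signs the article describes.
# Assumed input format (hypothetical export): one "label|package|installer" row per app.

# App names the article lists as suspect, lower-cased for comparison.
SUSPECT_LABELS = {
    "google updater", "google installer for u",
    "google powers", "google installer",
}
PLAY_STORE = "com.android.vending"  # package name of the Google Play Store app

# Constructed sample rows, not real device data; com.example.* names are made up.
SAMPLE = """\
WhatsApp|com.whatsapp|com.android.vending
Opera|com.opera.browser|com.android.vending
Google Maps|com.google.android.apps.maps|com.android.vending
Google Updater|com.example.updater|
 google  installer |com.example.inst|com.example.store
Photo Tool|com.example.photo|com.example.store
"""

def normalize(label):
    """Lower-case and collapse whitespace so near-identical names match."""
    return " ".join(label.lower().split())

def triage(inventory_text):
    """Return {package: [reasons]} for apps that deserve a manual look."""
    findings = {}
    for line in inventory_text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 3 or not parts[1]:
            continue  # skip blank or malformed rows
        label, package, installer = normalize(parts[0]), parts[1], parts[2]
        from_play = installer == PLAY_STORE
        reasons = []
        if label in SUSPECT_LABELS:
            reasons.append("name listed in the article")
        if label.startswith("google") and not package.startswith("com.google.") and not from_play:
            reasons.append("Google-branded name on a non-Google package")
        if not from_play:
            reasons.append("not installed by Google Play")
        if reasons:
            findings[package] = reasons
    return findings

if __name__ == "__main__":
    for pkg, reasons in triage(SAMPLE).items():
        print(pkg, "->", "; ".join(reasons))
```

Preinstalled system apps also report no installer, so run this over user-installed apps only and treat each finding as a prompt for manual review rather than a verdict.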


Anirudh Muley
Anirudh is the Editor in Chief and Main Writer at Clickdotme. He does not like describing himself in the third-person and had a hard time coming up with these two sentences!
