10 July 19, 14:12
(This post was last modified: 10 July 19, 14:13 by silversurfer.)
Quote: Malware researchers discovered a new malicious campaign for Android devices that replaces legitimate apps with tainted copies built to push advertisements or hijack valid ad events.
Around 25 million devices have already been infected with what researchers have dubbed "Agent Smith," after users installed an app from an unofficial Android store.
Untrusted app sources
Victims are lured with the promise of a photo utility, game, or adult app that carries a malicious package. Once on the devices, the bait app decrypts and installs Agent Smith.
The malware tries to hide its presence by posing as a utility from Google - Google Updater, Google Update for U or “com.google.vending,” and by concealing its icon from the user.
In the next stage, the malware checks for apps on the device that are also on a list that is either hardcoded or received from the command and control server (C2).
When a match is found, Agent Smith extracts the base APK and adds a malicious ads module. Then it replaces the original package with the tampered one, with the user being none the wiser.
SOURCE: https://www.bleepingcomputer.com/news/se...h-malware/