According to cyber securities, around 25 million Android phones have been affected by a serious malware hidden in WhatsApp. The malware can replace and install apps like WhatsApp with evil versions that serve up adverts.
Dubbed Agent Smith, the malware is known to abuse previously-know weaknesses in the Android operating system, making updating to the latest, patched version of Google’s operating system a priority, as reported by Israeli security company Check Point.
Most of the victims are based in India. Around 15 million users have been affected by malware in India. In the US, there are more than 300,000 users who faced the same problem. Around 137,000 in the UK were affected by the malware. This is perhaps the largest one of the more severe threats to have hit Google’s operating systems in recent times.
The malware is known to spread through a third-party app-store 9apps.com which is owned by China’s Alibaba. Typically, such non-Google Play attacks focus on developing countries, making the hacker’s success in the US and the UK more remarkable, as reported by Check Point.
Check Point warned in a blog that the replaced apps wills serve up malicious ads. However, the hacker can do worse things than this. The researchers wrote, “Due to its ability to hide its icon from the launcher and impersonates any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device.”
They said that they have warned Google and the relevant law enforcement agencies. However, Google has not commented on the matter yet.
There are also indications that the attackers are moving towards Google Play. The Check Point researchers said that they have found around 11 apps on Google Store that contained a dormant piece of the hacker’s software. But Google has swiftly taken down those apps. This is actually turning out to be a matter of great concern. There are over a billion android users in the market. If hackers are able to attack all these phones, the situation could get worse.