new virus to attack on mobile devices

Krishna421

In the Wachowski Brothers’ classic Matrix trilogy, “Agent Smith” famously describes the human race as a species that multiplies until every resource is consumed. In reality, it is the “Agent Smith” of the mobile malware world that is the real virus – and is spreading at alarming rates.[br]Check Point Researchers recently discovered a new variant of mobile malware that has quietly infected around 25 million devices, while the user remains completely unaware. Disguised as a Google related application, the core part of the malware exploits various known Android vulnerabilities and automatically replaces installed apps on the device with malicious versions without the user’s interaction.[br]Agent Smith” has primarily three phases in its attack flow.[br][br] [br][br]In the first phase, the attacker lures users to download a dropper application from an app store such as 9Apps. These droppers are usually disguised as free games, utility applications or adult entertainment applications, yet contain an encrypted malicious payload. The dropper application then checks if any popular applications, such apps include WhatsApp, MXplayer, ShareIt and more from the attacker’s pre-determined list, are installed on the device. If any targeted application is found, “Agent Smith” will then attack those innocent applications at a later stage.[br][br] [br][br]In the second phase, after the dropper gains a foothold on victim device, it automatically decrypts the malicious payload into its original form – an APK (Android installation file) file which serves as the core part of “Agent Smith’s attack. The dropper then abuses several known system vulnerabilities to install the core malware without any user interaction at all.[br]In the third phase, the core malware conducts attacks against each installed application on device which appears on its target list. The core malware quietly extracts a given innocent application’s APK file, patches it with extra malicious modules and finally abuses a further set of system vulnerabilities to silently swap the innocent version with a malicious one.[br] [br][br][br][br]