Indian cybercrime officials, tracking the recently detected Agent Smith malware, believe it is targeted at Indians, who constitute the highest number of victims so far.
The Hindu had on Sunday reported how the malware has raised concerns in the cybersecurity fraternity. According to a report by Checkpoint, a private cyber security firm, Agent Smith is believed to have infected over 25 million devices so far.
First noticed early this year, the malware can replace apps on android phones with malicious versions without the user’s knowledge.
According to investigations conducted by several agencies so far, around 59% of those affected by Agent Smith are Indians. Other countries where significant infection was recorded include the United States, the United Kingdom, Saudi Arabia, Australia, Bangladesh and Pakistan.
“Agent Smith is embedded in apps available on Google Playstore, mostly connected to gaming, image editing or adult entertainment. Once a user downloads the app, the malware gets active, looking for other apps that it can take over. Its ability to impersonate apps, as well as the fact that its icon is not visible on the user’s screen, makes it next to impossible to detect,” a source, who is part of the investigation, said.
The structure of the malware, too, indicates that it is an advanced one. Unlike most malware, the creators of Agent Smith seem to have made the effort to identify all the latest vulnerabilities in the Android operating system and designed it specifically to exploit them, the source said.
One such vulnerability is called the Janus, which was discovered in 2017 by cybersecurity researchers. It allows hackers to modify an app without affecting its own signature, which makes the hack impossible to detect.
“Agent Smith relies heavily on the Janus vulnerability in replacing apps with their contaminated versions while leaving the hash value, which is like a unique signature for any app, intact,” the source said.
Cybercrime officials are closely tracking Agent Smith’s activities which, for the moment, seem to be limited to throwing up targeted advertisements. However, with the kind of abilities that the malware displays, it can be used for anything that its creators want it to do.
“With 25 million devices being reportedly infected, the makers of Agent Smith already have a huge botnet at their disposal, and the possibilities are almost literally endless,” an officer said.
