An Israeli security company says that new malware it calls "Agent Smith" replaces legitimate apps on your Android device with versions that serve up ads in a profit-making scam. The security company, Check Point, says that the malware "currently uses its broad access to the device's resources to show fraudulent ads for financial gain."
The researchers went on to say that this malware "could easily be used for far more intrusive and harmful purposes, such as banking credential theft."
That means that ads could, at least theoretically, be designed to mimic elements of the user interface in an attempt to obtain passwords, payment information, or other personal information.
In fact, the researchers say that "with the ability to hide its icon from the launcher and hijack popular existing apps on a device, there are endless possibilities to harm a user's digital [or] even physical security. Today this malware shows unwanted ads, tomorrow it could steal sensitive information; from private messages to banking credentials and much more."
To date, the researchers say that the malicious apps, traced to an internet company based in China, have affected users of third-party app stores in countries like India, though some U.S. users have reportedly been infected as well.
The apps exploit several loopholes in Android. Some of these have been patched, but users must update their OS and/or apps to get the added protection.
Before I get to the part where you find out whether your device is infected, and what to do about it, let's talk for a minute about those third-party app stores and open systems.
Open versus closed systems.
One of the complaints about Apple, for example, is that, as a closed system, the company controls the device, the operating system, and the app store. Anyone can build an app for the iPhone, but in order to get it on the device, you have to follow Apple's rules and get their approval.
That's not necessarily true with many Android app stores, meaning that users are increasingly at risk for this type of attack since Google doesn't dictate what developers can or can't do with Android apps.
Even Google's own app download store, Google Play, isn't immune. A report this week from another firm, CSIS Security Group, says that a malicious app called Updates from Samsung was downloaded 10 million times before Google finally pulled it from the store.
In that case, the app, which was presumably meant to provide updates for your device, would attempt to trick users into paying for what would otherwise have been free.
Say what you want about Apple's lockdown approach, but it's hard to argue that a model that puts users at risk for these types of attacks is better for consumers overall. Since Apple serves as the gatekeeper and has a financial incentive to keep malware off iOS devices, far fewer of these types of attacks have occurred.
How to know if you've been affected and what to do.
That said, you're probably wondering how to tell if your device has been infected by this most recent malware, especially since the malicious app doesn't have an icon that appears on the home screen.
If something seems off, such as strange ads appearing when you open an app like WhatsApp that doesn't normally show ads, you could be infected. And if you regularly use third-party app stores like 9Apps, which is especially common in the areas of highest infection, you should take steps to protect yourself.
In that case, you'll need to search for apps with strange names like "Google Updater" or "Google Update for U." If you find those, delete them immediately, and then make sure that you are using the most current version of Android for your device. Once you've completed those steps, you should make sure you are running the most up-to-date version of your apps as well.
Finally, it's probably a wise idea to stay away from shady app download stores that don't offer the same level of protection as Google Play. It might also be time to reconsider whether the supposed benefits of an open system are worth the security risk.
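The manual check above can be complemented by auditing where each installed app came from. This added example (not from Check Point or the original article) parses output captured from `adb shell pm list packages -i -3` and lists third-party apps whose recorded installer is not Google Play; the package names in the sample are constructed.

```python
import re

# Installer package name of Google Play, the official store.
PLAY_STORE = "com.android.vending"

# Matches one line of `pm list packages -i` output, e.g.
#   package:com.example.app  installer=com.android.vending
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")

# Constructed sample of `adb shell pm list packages -i -3` output.
SAMPLE = """\
package:com.example.chat  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.game  installer=com.example.thirdpartystore
package:com.example.notes  installer=com.android.vending
"""


def parse_installers(pm_output):
    """Return {package: installer or None} from `pm list packages -i` text."""
    result = {}
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unexpected lines
        inst = m.group("inst")
        # "null" means the system recorded no installer for this package.
        result[m.group("pkg")] = None if inst == "null" else inst
    return result


def flag_non_play(pm_output, trusted=(PLAY_STORE,)):
    """List (package, installer) pairs not installed by a trusted store."""
    flagged = [
        (pkg, inst)
        for pkg, inst in parse_installers(pm_output).items()
        if inst not in trusted
    ]
    return sorted(flagged, key=lambda item: item[0])


if __name__ == "__main__":
    for pkg, inst in flag_non_play(SAMPLE):
        print(f"{pkg}: installed by {inst or 'no recorded installer'}")
```

A flagged package is a candidate for review, not proof of infection; compare each one against apps you remember installing and remove any you do not recognize.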