Agent Smith: The Agent Smith Malware has been around since 2016 and has made a resurgence with a new campaign which has infected an estimated 25 million devices. The malware operates by exploiting vulnerabilities in devices running Android versions 5 through 6 primarily. Once installed on a device, the malware begins to replace legitimate applications with malicious versions. The current campaign has primarily affected users throughout India, Bangladesh, Pakistan, and other Asian nations. Agent Smith has traditionally resided in applications which are made available on third-party app stores. 9Apps has been the main source of the malware for years, hiding mostly in photo utility apps, games, and adult entertainment apps. Although it has traditionally hidden in third-party app stores, 11 applications containing a dormant version of the malware were discovered on Google Play but have since been removed. While Indian and Arabic speakers have been the primary target for the malware, the infections have not been limited to India and Asia and have been seen in both the United States and the United Kingdom.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased