The Israeli security company also found that while the malware was primarily focused on users in India, it has made its way onto 25 million devices - including Android phones in the U.S. and the UK. Once installed on a device, Agent Smith disguises itself as a Google-related app such as "Google Updater", then gets to work looking for legitimate apps it can hijack with its malicious code. However, it could easily be used for far more intrusive and harmful purposes such as banking credential theft.
Malware has spread as several users give official Google Ply Store a miss and download apps from third party app stores like 9apps.com. Finally, the malware will peruse a copy of the device's now installed apps and replace target apps with versions that are infected with malicious ads.
If there is any app that is continuously displaying unnecessary pop-ups on your phone, it would be wise to uninstall the same. A new study revealed that over 1,300 Android apps can scrape certain personal data anyway, even if a user explicitly denied access to it.
Check Point Research is the threat intelligence arm of cyber security solutions provider Check Point Software. Check Point has said that the malware penetrated a "noticeable number" of devices in countries such as Saudi Arabia, UK and United States as well.
Checkpoint security firm says that Indians are primary victim of Agent Smith malware.
The malware has been nicknamed, "Agent Smith", owing to the methods it uses to attack an Android device without getting noticed.
As for the source of the malware, Check Point reckons it was made by a Chinese company that specialises in helping developers publish their apps overseas; seem like the company has another sideline to make money. Another report from a security company called CSIS Security Group reported a third-party app called 'Updates for Samsung.' It was uploaded on Google Play store, and it had over 10 million downloads. If they feel that their phone has been affected by the malware, users must delete data of popular apps by going into settings and later, reinstalling them.
"Data protection legislation around the world-including the General Data Protection Regulation (GDPR) in Europe, the California Consumer Privacy Act (CCPA) and consumer protection laws, such as the Federal Trade Commission Act-enforce transparency on the data collection, processing, and sharing practices of mobile applications".