Trend Micro Alert: Malware Replaces Legitimate Apps with Fake Versions

Threat “hijacks” apps and has the potential to steal bank details

Trend Micro, the global leader in cybersecurity, has identified a new malware campaign called Agent Smith. The threat is the latest in a long family of campaigns designed to infect mobile devices using fake apps to exploit vulnerabilities in the Android operating system. The attack ranges from the display of unwanted ads to theft of sensitive information, such as bank details.

Agent Smith is built into legitimate-looking apps like photography and games that are popular on third-party marketplaces like 9Apps, although the threat was also found on Google Play. When installed, it extracts a list of all legitimate apps installed on the user's phone and then replaces them with identical but malicious versions.

The malware then “hijacks” the apps to display unwanted ads, generating profit for the hackers. However, the attack has the potential to generate more catastrophic consequences. Researchers claim the same malware could be used to steal sensitive information such as banking credentials.

As of early July, Agent Smith has infected over 302,000 devices in the US, making it one of the biggest threats this year so far. According to Trend Micro researchers, attackers are always looking for ways to break into users' devices, so they can install adware and lock down ransomware devices until the ransom amount is paid.

how to protect yourself

Google is improving its techniques to prevent fake apps from being published on the Play Store, but there are times when malicious apps escape detection. The hackers behind Agent Smith hid malware elements in 11 Google Play apps, two of which already had 10 million downloads by the time Google was notified and deleted the threats.

According to the researchers, people spend more and more time online and, for many, the door to this digital world is precisely the smartphone. With current innovations, it is possible to take care of almost everything from the cell phone – purchases, financial matters, transport – and that is exactly why attackers invest in improving their techniques to infect mobile devices.