25 Million Android Phones Infected With Malware That ‘Hides In WhatsApp’

As many as 25 million Android phones have been hit with malware that replaces installed apps like WhatsApp with evil versions that serve up adverts, cybersecurity researchers warned Wednesday.

Dubbed Agent Smith, the malware abuses previously-known weaknesses in the Android operating system, making updating to the latest, patched version of Google’s operating system a priority, Israeli security company Check Point said.
Whilst the replaced apps will serve up malicious ads, whoever’s behind the hacks could do worse, Check Point warned in a blog. “Due to its ability to hide it’s icon from the launcher and impersonates any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user’s device,” the researchers wrote.

They said they’d warned Google and the relevant law enforcement agencies. Google hadn’t provided comment at the time of publication.

Typically the attack works as following: users download an app from the store – typically photo utility, games or adult themed apps (one called Kiss Game: Touch Her Heart is advertised with a cartoon of a man kissing a scantily clad woman). This app then silently installs the malware, disguised as a legitimate Google updating tool. No icon appears for this on the screen, making it even more surreptitious. Legitimate apps – from WhatsApp to the Opera browser and more – are then replaced with an evil update so they serve the bad ads. The researchers said the ads themselves weren’t malicious per se. But in a typical ad fraud scheme, every click on an injected advert will send money back to the hackers, as per a typical pay-per-click system.