Check Point, a cybersecurity company, estimated that 25 million people downloaded applications infected with the "Agent Smith" malware, whose name is a direct reference to the Agent Smith character in the Matrix trilogy.
The infected mobile apps were put into circulation by a Chinese network whose main activity was helping programmers in China make themselves known on application distribution systems other than their own, through third-party application stores. In the United States alone, roughly 300,000 people have had their phone or tablet infected.
The names of these companies have not been published.
Agent Smith spreads notably through the 9Apps application store, in the form of games and popular applications. Whether the downloaded application actually works does not matter: being downloaded and run by the user is enough to infect that user's device.
Agent Smith infects devices by disguising itself as a module called Google Updater, Google Update for U or "com.google.vending". This application's icon is hidden by the system.
Silently, in the background, Agent Smith searches for other applications the user has already installed so that it can impersonate their update module. It can then modify these installed applications and inject large numbers of ads into them, turning any infected application into invasive adware.
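As an added example (not code from Check Point or from the original article), the script below audits the output of `adb shell pm list packages -f -i` for the package name reported above. The second rule, which flags user-installed `com.google.*` packages that did not come from the Play Store (`com.android.vending`), is a heuristic assumed here, and the sample listing is constructed.

```python
import re

REPORTED_NAMES = {"com.google.vending"}   # package name given in the article
PLAY_STORE = "com.android.vending"        # genuine Google Play Store package

# Constructed sample of `pm list packages -f -i` output (not real device data).
SAMPLE = """\
package:/system/priv-app/Phonesky/Phonesky.apk=com.android.vending  installer=null
package:/data/app/com.google.android.youtube-1/base.apk=com.google.android.youtube  installer=com.android.vending
package:/data/app/~~Qx1==/com.google.vending-9z==/base.apk=com.google.vending  installer=null
package:/data/app/com.google.update.helper-2/base.apk=com.google.update.helper  installer=com.example.store
package:/data/app/com.example.game-1/base.apk=com.example.game  installer=com.example.store
"""

def parse_line(line):
    """Return (name, apk_path, installer) or None for a non-package line."""
    line = line.strip()
    if not line.startswith("package:"):
        return None
    parts = re.split(r"\s+installer=", line[len("package:"):], maxsplit=1)
    # Newer Android puts '==' in the install directory, so split on the last '='.
    path, _, name = parts[0].rpartition("=")
    installer = parts[1] if len(parts) == 2 and parts[1] != "null" else None
    return name, path, installer

def audit(listing):
    """Flag packages matching the reported name or the look-alike heuristic."""
    findings = []
    for line in listing.splitlines():
        pkg = parse_line(line)
        if pkg is None:
            continue
        name, path, installer = pkg
        if name in REPORTED_NAMES:
            findings.append((name, "package name reported for Agent Smith"))
        elif (name.startswith("com.google.") and path.startswith("/data/app/")
              and installer != PLAY_STORE):
            # Assumed heuristic: user-installed Google-namespace app from another source.
            findings.append((name, "com.google.* app not installed by Play Store"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```

A hit on the second rule is a lead for review rather than proof of infection, since legitimately sideloaded Google apps match it too.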
Check Point also notes that almost all the attacks took place on devices running versions 5 and 6 of Android, Google's mobile operating system. Even more surprising, 25% of all attacks hit devices running Android 7 or 8, even though these versions are recent.
Google had already fixed, in 2017, one of the operating-system flaws used by "Agent Smith", nicknamed Janus, but the security update has unfortunately not yet been installed on all phones and tablets running the operating system.
Millions of phones worldwide are therefore at risk of infection because they run an outdated version of Android.