Malware affecting Jio Apps, WhatsApp, Flipkart and Hotstar ‘primarily targeted’ Indian users through Alibaba’s app store

Jul 11, 2019, 10:41 IST

Agent Smith has primarly affected users in India and replaced Truecaller, Jio apps, Flipkart, WhatsApp and Hotstar with ad-filled versionsBusiness Insider India

A new malware has affected 25 million smartphone users globally, most of whom are from India, according to a report by Check Point.
The primary point of entry for the malware called ‘Agent Smith’ was through Alibaba’s 9apps.com mobile app store.
But it was only able to latch onto devices that are still running an outdated version of Google’s operating system, Android affecting Jio’s suite of apps, Flipkart, Truecaller, Hotstar and WhatsApp.

WhatsApp’s biggest market, India, is vulnerable to a new malware called ‘Agent Smith’ and Alibaba’s app store — 9apps.com — could be the reason why.

It’s not just WhatsApp but other popular apps like Hotstar, Jio Chat, Jio Play, Flipkart and Truecaller have been affected by the malware, according to Check Point.

Instead of the original app, you might have a version that is filled with malicious ads which will litter your device.

Complimentary Tech Event

Transform talent with learning that works

Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

It’s not just 9apps that’s reportedly at fault. Agent Smith uses vulnerabilities in previous versions of Android to latch onto devices. So, the malware only gets onto your phone if you haven’t updated it to the latest version of Google’s operating system.

The Israeli security company also found that while the malware was primarily focused on users in India, it has made its way onto 25 million devices — including Android phones in the US and the UK.

Undercover on your phone

Users downloading WhatsApp from 9apps, rather than the Google Play Store, have inadvertently been loading the malware onto their devices. It takes over WhatsApp and other primary apps on your device, to replace them ad-filled versions.

Agent Smith makes its way onto your phone just like any other app. It’s usually disguised a photo editing tool or an adult game in the app store which starts to penetrate the system after the app is installed.

Disguised as a legitimate Google update tool, Agent Smith then replaces original apps on your phone will malicious versions. And, there aren’t any notifications that will warn you.

The apps and the ads themselves aren’t dangerous per se, according to the researchers who made the discovery, but the malware’s true intent might extend beyond showing ads.

Due to its ability to hide it’s icon from the launcher and impersonate any popular existing app on a device, there are endless possibilities for this sort of malware to harm a user’s device.

Check Point report

Check Point also noted that it found indications that the hackers were working their way onto Google’s Play Store with 11 apps containing a ‘dormant’ piece of the software.

A simple remedy

If you’re one of the people who has been using 9apps and you’re afraid that Agent Smith might have made its onto your phone, there’s a simple to check to find out.

Make your way to your menus Android settings and find the Apps Menu. In the list of apps, look out for names like ‘Google Updater’, ‘Google Installer for U’, ‘Google Powers’ or ‘Google Installer’.

In case you have any of those apps on your phone, yes, you have been affected. But the solution is also simple. Simply uninstall the affected app. And, in the future, download apps only from Google’s official Play Store to stay safe.

Next Story Tecno follows Xiaomi, OnePlus and Samsung to get a pound of India's red hot smartphone market