Cyber security solutions provider Check Point on Wednesday revealed that ‘Agent Smith,” a new variant of mobile malware, has quietly infected around 25 million Android devices globally, including 15 million mobile devices in India. Also Read - India’s Ban on 43 Chinese Apps May Affect Beijing’s Digital Silk Route Ambitions | Here’s How

Disguised as a Google-related app, the malware exploits known Android vulnerabilities and automatically replaces installed apps with malicious versions without the users’ knowledge or interaction, said Check Point Research, the threat intelligence arm of Israel-based Check Point. Also Read - Nepal: Five Elderly People Returning from India Killed in Road Mishap

The malware currently uses its broad access to the devices’ resources to show fraudulent ads for financial gain, but could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping. Also Read - India To Build Shahtoot Dam, Announces 100 High-impact Projects Worth Rs 592 Crore in Afghanistan

This activity resembles previous malware campaigns such as “Gooligan”, “Hummingbad” and “CopyCat”.

“The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own,” said Jonathan Shimonovich, Head of Mobile Threat Detection Research at Check Point.

“Agent Smith” was originally downloaded from the widely used third-party app store, 9Apps and targeted mostly Hindi, Arabic, Russian and Indonesian-speaking users.

So far, the primary victims are based in India, though other Asian countries such as Pakistan and Bangladesh have also been impacted.

There has also been a noticeable number of infected devices in the UK, Australia and the US as well.

Check Point has worked closely with Google and at the time of publishing, no malicious apps remain on the Play Store, said the company.

“Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like ‘Agent Smith,'” said the report.

In addition, users should only be downloading apps from trusted app stores to mitigate the risk of infection as third-party app stores often lack the security measures required to block adware loaded apps.