25 million Android users hit with Agent Smith malware

Google has suspended a fraudulent mobile app on the Google Play Store called "Updates for Samsung" for violating its policies that claimed to offer system-level Android updates to smartphones. Researchers find out that there are more than fifty ways that allow these apps can to gather precise geolocation data and phone identifiers behind your back. However, according to CNET's report, an International Computer Science Institute research team said 1325 applications bypass these restrictions.

As reported by CNET, Shutterfly was found to be harvesting Global Positioning System coordinates from users' photos even despite the fact that many declined to share their location data within their device.

Google says photo location information will be hidden by default from apps that request photos on Android Q, unless developers specify on the Google Play Store whether their app is capable of accessing a photo's location. That also stops the app in question interacting with other apps.

The company said it detected 11 such apps already, showing that the malware operators are setting up the base for a distribution campaign leveraging the official Android app store.

The first is known as a side channel attack. The privacy-abusing apps include Shutterfly, the photo-sharing Website and Hong Kong Disneyland. How do you feel about them?

Still other apps collected location data via the Wi-Fi network that the phone was connected to.

The fix to this is one can choose to open files always with their installed apps. However, he has conceded that the company could be doing more.

Android Police discovered that while trying to share images using a Microsoft app, the Share menu now is advertising an option to share the images using OneDrive, even if it is not installed on the user's device. The researchers came across this with apps such as smart remote controls. Baidu couldn't reply by our deadline.

An infected device will be revisited over time and served the latest malicious patches, the researchers say. These are clearly deceptive practices, and therefore entirely within the agency's purview to take action. We are here to give you the best five alternatives to GetJar.

By the looks of things, this happens in more than just Android app, so it's most likely a behavior that Microsoft is planning to use going forward.

But despite this early takedown, Android users shouldn't feel safe.

There is a way of out this.

It exploits a vulnerability that was patched years ago in Android.

  • Arturo Norris