Dubbed “Agent Smith”, the malware currently uses its broad access to the devices’ resources to show fraudulent ads for financial gain.

Check Point Research, the Threat Intelligence arm of Check Point Software Technologies Ltd., a provider of cyber security solutions globally, has discovered a new variant of mobile malware that has quietly infected around 25 million devices, including 15 million mobile devices in India. Disguised as a Google-related application, the malware exploits known Android vulnerabilities and automatically replaces installed apps with malicious versions without users’ knowledge or interaction.

Dubbed “Agent Smith”, the malware currently uses its broad access to the devices’ resources to show fraudulent ads for financial gain, but could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping. This activity resembles previous malware campaigns such as Gooligan, Hummingbad and CopyCat.

“Agent Smith” was originally downloaded from the widely-used third-party app store, 9Apps and targeted mostly Hindi, Arabic, Russian, and Indonesian speaking users. So far, the primary victims are based in India though other Asian countries such as Pakistan and Bangladesh have also been impacted. There have also been a noticeable number of infected devices in the United Kingdom, Australia and the United States.