‘Agent Smith’ infects 25M Android devices

Also in this week’s news, Mac Zoom users are exposed to webcam spying, vulnerabilities are found in hospital anesthesia machines, the U.S. Coast Guard warns shipping vessels about cyberattacks, and U.S. mayors vow no more ransomware payments.

Bad actors have pushed variants of the Agent Smith malware to users through unofficial Android app stores, infecting up to 25 million devices, Bleeping Computer reported. Security analysts identified over 360 different dropper strains of the malware, which have been distributed in malicious game, photo, and adult content apps for over two years.

The apps infect devices with Agent Smith, malware that replaces real apps with tainted fake versions that flood the devices with ads. The malware can also monetize real ads on the device by hijacking an ad event and reporting it to an ad broker with the hacker’s own campaign ID. So far, Agent Smith has only been used to push ads, but security experts agree its bag of tricks could be applied to other criminal purposes, including credential-stealing and data theft.

Users lower the risk of downloading malicious apps when they use official app stores, which always have stronger security and filtering than third-party shops. “As users we need to disable the option to install apps from untrusted sources,” warns Avast researcher Luis Corrons. “While it’s true there can be malware in the official stores, in unofficial app stores you can be certain there is malware in a number of apps.”

This week’s stat

$353 million – the amount handed down in GDPR fines in two days this week by the British watchdog agency the Information Commissioner's Office (ICO). 

Firmware flawed in GE anesthesia machines

Two models of hospital anesthesia machines made by General Electric (GE) have flaws in their firmware which could allow potential attackers to alter device settings remotely, ZDNet reported. Hackers connected to the same network as the GE Aestiva and GE Aespire, versions 7100 and 7900, can execute commands on the machines that adjust gas composition, change gas density, silence alarms, and modify the timestamps inside logs.

In its risk analysis published on the GE Healthcare site, the company acknowledges the risks exist, but it maintains “there is no introduction of clinical hazard or direct patient risk.” The company states that because they are “attended devices,” primary control of the machine is always in the physician’s hands. GE advises hospitals to eliminate the risk completely by keeping the anesthesia machines offline. If they must be connected to a network, GE recommends using “secure terminal servers.” 

Mac Zoom users at risk of webcam spying

A software engineer discovered a major flaw in the Mac version of the video conferencing app Zoom. Because the app uses a local web server, hackers can join calls without permission. The engineer told The Independent that he estimates 4 million users could be affected by the security bug. This week, Zoom released a patch that removes the local web server from a user’s Mac. Once they update, users will also get the new menu option “Uninstall Zoom” for easier deletion of the app.

Avast researcher Martin Hron said the incident creates potential for corporate espionage or video exfiltration – and poses risks for consumers. “This vulnerability could result in a privacy nightmare if their work computers are used at home or for personal reasons. The reports state that any website can turn on the Zoom client with the video feed enabled, which essentially could turn a casual browsing session into a serious invasion of privacy in the home.”

This week’s quote

“You see a hill on the horizon, and then it approaches you, and you ride over it, and then it passes you by. You get a sense of the landscape you would not have otherwise. It is exhilarating. It is ultimate freedom.” – Avast Data Scientist Monika Seidlova on the winter sport of snowkiting, her passion 

U.S. Coast Guard issues cyberattack warning

The U.S. Coast Guard released a Marine Safety Alert that warns against cyberattacks and strongly recommends specific security measures. The alert referenced the cyberattack on an international shipping vessel earlier this year and cautioned “with engines that are controlled by mouse clicks, and a growing reliance on electronic charting and navigation systems, protecting these systems with proper cybersecurity measures is as essential as controlling physical access to the ship.”

To “improve the resilience of vessels and facilities,” the Coast Guard recommended owners and operators adopt several security measures including segmenting networks, creating per-user profiles and passwords, taking extra precautions with external media, installing antivirus suites, and patching diligently. “Maintaining effective cybersecurity is not just an IT issue,” the alert stated, “but is rather a fundamental operational imperative in the 21st century maritime environment.”

This week’s ‘must-read’ on The Avast Blog

Hand-written espionage documents, declassified files, IoT devices, and a century’s worth of secret communications and never-before-seen artifacts can now be spied for the very first time at Top Secret: From Ciphers to Cybersecurity, a London Science Museum exhibit co-sponsored by Avast.

U.S. mayors unite against ransomware payments

At its 87th annual meeting, the U.S. Conference of Mayors issued a resolution that pronounced the organization “stands united against paying ransoms in the event of an IT security breach.” SC Magazine reported that in the resolution, the Conference of Mayors stated that paying ransoms only encourages attackers to attack more, and that municipal governments need to de-incentivize the attacks by offering no financial reward. 

The decision comes on the heels of two Florida cities – Riviera Beach and Lake City – paying ransoms that collectively totaled over $1 million. In contrast, Atlanta and Baltimore also suffered ransomware attacks but did not pay the ransoms, and recovery fees have reached $17 million and an estimated $18 million respectively. The resolution against paying ransoms was introduced by Baltimore Mayor Jack Young. 
