According to The Verge, a new malware variant, deemed Agent Smith, has been targeting Android devices by replacing portions of coding within legitimate apps with malicious coding.
Fortunately, the malware doesn’t steal data from a user. Instead, it forces legitimate applications to display either more ads, or takes credit for the ads already being displayed. This permits the malware author to reap the benefits of profiting from the ads being shown.
A list of the apps impacted has not been released, because not every app user was infected. The malicious author has been targeting users in India and other nearby countries by spreading the malware through a third-party app store called 9Apps. That being said, they did attempt to offer malicious apps within the Google Play Store; however, Google has identified and removed all of the discovered malicious apps.
The key vulnerability that Agent Smith relies on was patched several years ago by Android. Therefore, if users are concerned about falling victim, they can update their devices which would patch the security hole.