‘Agent Smith’ Malware has replaced Android apps code on 25 million devices


No, we haven’t just dropped into the Matrix and no, Keanu Reeves, although breath-taking, won’t save you from the Agent Smith Malware. A new strain of Android malware has infected 25 million devices and modified legitimate apps with a malicious ads module, according to a report by the security company Check Point.

Agent Smith - Android Malware

The malware doesn’t steal data from a user. Instead, it hacks apps and forces them to display more ads or takes credit for the ads they already display so that the malware’s operator can profit off the fraudulent views. Check Point says the malware looks for known apps on a device, such as WhatsApp, Opera Mini, or Flipkart, then replaces portions of their code and prevents them from being updated.

Agent Smith has primarily infected devices in India and other nearby countries. The main way it has spread is through a third-party app store called 9Apps. The malware would be hidden inside “barely functioning photo utility, games, or sex-related apps,” Check Point writes. After a user downloaded one, the malware would disguise itself as a Google-related app, with a name like “Google Updater” and then begin the process of replacing code.

Despite its focus on India, which accounts for 15 million infections, Check Point says the malware also made its way to the US where more than 300,000 devices were infected. The malware’s operator also seems to have attempted to expand into the Google Play Store, sneaking in 11 apps that included code related to a simpler version of the malware. The malware remained dormant, though, and Check Point says Google has now removed all the discovered malicious apps.

The core reason this app has spread is due to a vulnerability that was patched several years ago within Android but relied on developers updating their apps to add the protection. It’s clear that many have not done so according to these reports. It reiterates the importance of both app updates and Android security patches.

How to Spot and Remove Agent Smith from Android

You can spot Agent Smith easily. If your regularly used apps suddenly start producing an overwhelming number of adverts, it is a sure sign something is wrong. The ads the malware serves are difficult or impossible to exit, which is another indicator. But as Agent Smith acts almost silently bar the adverts, picking up on subtle changes to your apps is incredibly difficult.

Please note that apps suddenly displaying a huge volume of adverts isn’t the solo marker of Agent Smith. Other Android malware types serve adverts to increase revenue. Your device could have a different type of Android malware.

If you suspect something is wrong, you should complete an antimalware or antivirus scan on your device and remove the infected app to reinstall a fresh copy.

Leave a Reply

Your email address will not be published. Required fields are marked *