If you’ve seen The Matrix trilogy, you’ll undoubtedly recognize the name Agent Smith. In the movies, Agent Smith maliciously replaces innocent bystanders with copies of himself. A new form of Android malware has been dubbed “Agent Smith” simply because it behaves much the same way.
Enter Agent Smith
Researchers from Check Point announced the discovery of Agent Smith on Wednesday, July 10. According to their report, the malware had infected 25 million devices by that time. The attack begins when a user downloads a program that looks like a game, utility, or adult-themed app. This program then downloads the Agent Smith program. Once installed, Agent Smith hides its app icon within the launcher and disguises itself as a legitimate Google app within Android settings. Everything snowballs from there.
Search And Replace
After installation, Agent Smith scans the apps installed on the device. It downloads replacements for any apps on its target list and swaps them in. The replacement app looks exactly like the real app. The most popular apps replaced include WhatsApp, MX Player, and SHAREit. In most cases, the malware replaces over 100 apps on a single device.
Unlike the real apps, the replacement apps flood your phone with ads. At the moment, it seems Agent Smith only displays these ads in order to get paid by the advertiser. However, its capabilities leave the door open for nearly endless possibilities.
Agent Smith Origins
According to Check Point, the malware originates from a firm based in Guangzhou, China. Its primary targets appear to be India, Pakistan, and other parts of Asia. However, over 300,000 phones within the United States have been infected along with another 137,000 in the U.K. Agent Smith is spread via third-party app stores. 9Apps, an app store owned by China’s Alibaba, has been the biggest infiltration point.
How To Avoid It
There are a few ways to protect your device.
- Uninstall apps named Google Updater, Google Installer for U, Google Powers, or Google Installer. They’re likely fake.
- Only download apps via Google Play. Third-party app stores don’t have the same vetting process and are likely to contain malware. Even with the extra protection, some apps on Google Play contain malware. One was announced just this week.
- Uninstall potentially compromised apps. If an app is showing ads and doesn’t usually do so, it’s probably been replaced. For example, WhatsApp never shows ads. Remove and reinstall these apps via Google Play.
- Keep your device updated. Newer versions of Android aren’t susceptible to this attack. If your device is too old to update, it’s time to upgrade.