Agent Smith Malware Attacks Over 25 Million Phones

Security researchers have discovered new malware that has infected more than 25 million Android devices. Dubbed “Agent Smith,” the malware makes its way to a device through incomplete applications and then disguises itself as a Google-related application.

According to a press release from the security company Check Point, once Agent Smith is active on the device, the malware looks for common applications and replaces them with malicious versions. The modified applications display fraudulent advertisements for financial gain.


“Malware attacks user-installed applications silently, which makes it a challenge for ordinary Android users to combat these threats on their own,” said Jonathan Shimonovich, head of mobile threat detection research at Check Point.


The methods used are similar to other malicious programs, such as Gooligan, Hummingbad and CopyCat. Check Point also says that the vector could easily be used for more infamous and harmful purposes, such as stealing banking information or spying.


So far, most infections have been detected in India and neighboring countries because the malware is distributed mainly through 9Apps, a third-party app store popular in the region. Malicious code is usually hidden inside a “dropper” application.


“A dropper application attracts the victim [sic] to be installed voluntarily,” said Check Point. “Dropper variants are usually applications of photos, games or applications related to sex that barely work.”


More than 15 million infections originate in India, but it is reported that around 300,000 devices in the US also have the malware installed. According to the researchers, the bad actors, who appear to be from China, tried to expand operations into the Google Play Store and successfully planted 11 infected programs with an altered version of the malware. Google has already removed the malicious software.


The vulnerabilities on which Agent Smith is based, Janus being one of them, were patched several years ago, but many applications have not updated their security to take advantage of the fix.


“This application was as malicious as they come,” says Shimonovich. “Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguarding digital assets is the best protection against invasive mobile malware attacks such as Agent Smith, and users should only download applications from trusted app stores to mitigate the risk of infection, since third-party app stores often lack the security measures needed to block applications loaded with advertising software.”