“Agent Smith” Android Malware

Android phone users should be on the alert for “Agent Smith” malware. Disguised as a Google-related application, the malware exploits known Android vulnerabilities and automatically replaces installed apps with malicious versions without users’ knowledge or interaction. 

More details about "Agent Smith":

  • Currently uses its broad access to the devices’ resources to show fraudulent ads for financial gain.
  • Could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping.
  • This new variant of mobile malware has quietly infected around 25 million devices, including 15 million mobile devices in India.
  • Has spread through a third-party app store called 9Apps that’s popular in that region.
  • Apps that were modified include WhatsApp, Opera Mini, Flipkart, as well as software from Lenovo and Swiftkey.
  • Check Point, which discovered the malware, says a key vulnerability that "Agent Smith" relies on was patched several years ago in Android, but developers need to update their apps in order to take advantage of the added protections.

How it works:

  • The malware detects which apps are installed, patches them with a malicious ad module, and then re-installs them on the device.
  • For the user, it appears that the app is being updated as expected.
  • Once the update is complete, the owner of the malware collects money via the newly included ads.

What you can do:

  • Install a security app on your device, such as Bitdefender Antivirus or Lookout.
  • This latest malware is a good reminder to only download apps from trusted app stores, since third-party stores often lack the security measures required to block adware-loaded apps.
  • For history and technical analysis of Agent Smith, read the Check Point blog post “Agent Smith - A New Species of Mobile Malware.”

Written by pfalcon@brown.edu on