Agent Smith: Is Your Phone Infected by This Malware Already?

Last Updated: September 5, 2022

If you have seen The Matrix, you must remember the antagonist, Agent Smith portrayed by Hugo Weaving. He is depicted as an AI computer program whose job is to end rogue human simulations that would disrupt the algorithms in the Matrix.

Taking a leaf from its page, a new mobile malware has been infecting smartphones across the globe. However, comparison of the malware with the character ends with sharing the name. The malware doesn’t target rogue programs but the smartphone’s OS and replaces existing applications with infected versions without the user being aware of the switches.

What Is Agent Smith Mobile Malware?

Agent Smith is a mobile malware which takes advantage of vulnerabilities of the operating system to switch installed apps with malicious versions. The replaced versions don’t steal data of the user, but it uses the ‘spiked’ apps to spam a large number of ads and steal credits from devices of the ads shown on the user’s devices.

If we look at it geographically, its biggest target has been India and has infected about 25 million devices across the globe. Experts say that its activities resemble some earlier malwares such as Hummingbird, Gooligan and CopyCat and are even infecting Smartphones versions 7 and above.

Agent Smith malware is believed to be developed by a Chinese company situated in Guangzhou for local developers to promote their products.

It first appeared on a third-party app store called 9Apps which targets users from Asia; especially the Indian subcontinent. Some of the countries which highest number of infections include India, Pakistan, Bangladesh, UK, Australia, and the US.

The main reason for this is that they primarily aim to infect users who speak languages other than English, i.e., Hindi, Bengali, Urdu, Arabic, Russian and Indonesian etc.

How to Protect your Device from Agent Smith?

Since these developers use devious methods such as websites to gain access, it is always recommended to use trusted marketplaces such as Google Play Store or App Store to download apps.

Using distrustful marketplaces might seem attractive as they often provide free versions of paid apps, but in turn they might take much more than subscription fees from the trusted marketplaces. As of now, Google Play Store has removed about 16 such apps that have been supposedly infected with this malware, namely, Flipkart, MX Player Opera, ShareIt and WhatsApp, to name a few.

For now, the malware is only used to augment products via spamming advertisements by replacing the apps, but in foresight, these apps may also be used for more malicious activities such as data theft, breach of privacy and fraudulency. To add to the woes, mobile malware detection is not possible as the malware hides itself by taking the form of these applications.

How Does the Agent Smith Malware Work?

Taking advantage of its capability of becoming virtually invisible, this malware can easily navigate between apps and steal various types of app data and identities. Then the program exploits vulnerable apps that have been installed in the app without making the user aware even with the help of a mobile malware scanner.

After this, they switch the simple app with the infected version. Even the best mobile malware removal software cannot detect and remove it.

It is interesting that instead of one, the malware targets a number of different weak points with the help of Bundle, Janus and Man-in-the Disk. When combined, this creates a 3-stage process to wreak havoc in the system. It is probably the first of its kind to use all these weapons to infect the devices.

One of the biggest concerns with Agent Smith is that it doesn’t only infect one app but continues to contaminate wherever it finds a loophole. Moreover, it also keeps self-updating the infected applications so that they can continue to advertise new products.

More about Agent Smith

It is known that 9Apps was the initial point where Agent Smith was spread across the globe. However, even the trusted marketplace Google Play Store couldn’t prevent itself from distributing some of the infected apps.

According to CheckPoint, about 11 apps on the marketplace were found to have dormant, yet malicious files embedded so that they can start their campaign at the first opportunity.

The malware is currently looking for loopholes to penetrate Google Play Store and waiting for the most appropriate opportunity to infect the APKs. However, users can take a sigh of relief as the infected apps have currently been disabled by the Google Play Store.

Conclusion

The best way to protect the attacks by Agent Smith is to employ hygienic practices by taking help of  antimalware and antivirus software apps. Moreover, it is advised that any individual, or organisation should only download apps from trusted sources to minimise risks.

This malware infection epidemic provides a useful insight for developers and companies to create a safe application environment which is immune to malicious attacks by these types of stealthy malwares. It is crucial that app and system developers, organisations and users keep mobile malware protection a priority and disinfect their apps regularly.

Published On: August 1, 2019
Anurag Vats

Anurag Vats is an in-house technical content writer at Techjockey who is fond of exploring the latest avenues in the field of technology and gadgets. An avid reader of fiction and poetry, he also likes to dabble with brushes and poetry and loves to cook in borrowed kitchens. However, writing about business software and technologies is the newfound passion that helps him address the pain points of SMBs and MSMEs.

Share
Published by
Anurag Vats

Recent Posts

SAP ERP vs Oracle ERP: Which One is Best for Your Business?

Business competition in the business environment demands that businesses be streamlined, both in operations and… Read More

November 20, 2024

The Importance of HRMS for Complete Employee Lifecycle Management

It might be difficult to monitor an employee's path from hiring to dismissal closely. Every… Read More

November 20, 2024

Top 10 ERP Systems to Consider in 2024 and Beyond

When selecting the best ERP software for your business, it only makes sense to survey… Read More

November 20, 2024

How to Avoid Remote Access Scams?

There is no doubt that remote access technology has proven to be very helpful in… Read More

November 18, 2024

How Xoriant Corporation Made It Hiring Process More Effective?

Introducing Xoriant Corporation, leading player in the era of product development, engineering, and consulting… Read More

November 13, 2024

How to Use VPN to Access the Dark Web?

The dark web is a part of the internet that isn't indexed by standard search… Read More

November 11, 2024