MALWARE ALERT: An 'Agent Smith' Virus Has Infected 25 Million Phones

Ruben Fields
July 19, 2019

A new malware, dubbed "Agent Smith" has been affecting 25 million Android users.

Their preliminary investigations discovered that malware has the ability to hide its app icon and disguise itself as a Google-related module. Furthermore, the malware works as an adware to spam users with fraudulent ads to make extra money which somehow follows the same pattern found in CopyCat, Gooligan and HummingBad attacks.

Users in the United Kingdom are among those affected, alongside Android users in the USA and Australia.

Some apps Agent Smith is capable of replicating include WhatsApp, web browser Opera and SwiftKey.

The researchers say that although at the moment the malware may be more annoying than damaging, its effects could be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping.

Android users have been warned to watch out for a new form of mobile malware that cannibalises apps.

Lotus Evija revealed; world's most powerful production auto
Producing 2,000 PS along with 1,700 Nm of torque, Lotus claims the Evija is the most powerful production road auto . Pricing starts at a hefty £1.7million (€1.8m), with a £250,000 deposit required to secure a production allocation.

The malware has primarily three phases in its attack flow.

These apps attract others by offering features like photo utility, game or adult app that is having contaminated content that can easily corrupt your device. If a suitable target is identified, it will then patch that app as if it were a regular update, but is in fact a malicious payload. The dropper application then checks if any popular applications, such as WhatsApp, MXplayer, ShareIt and more from the attacker's pre-determined list, are installed on the device.

To avoid being targeted by "Agent Smith" researchers have instructed to download only from trusted sources. It's estimated infected devices contain on average 112 cloned apps. The dropper then abuses several known system vulnerabilities to install the core malware without any user intervention needed.

"Check Point added: "'Agent Smith' is being used to for financial gain through the use of malicious advertisements. This stands as a reminder to all users that apps should only be downloaded from trusted app stores to mitigate the risk of infection.

"An advanced threat prevention solution should detect and block the malicious version of these apps from being installed, while alerting the user to the suspicious attempted activity. In addition, adopt a "hygiene first" approach to protecting your organisation's digital assets", the security giant advises. So, to be safe side check your mobile Android mobile phones and uninstall these apps from your mobile phones if these apps are installed on your phone.

Other reports by

Discuss This Article