Advisory! Protect Your Device From “Agent Smith” Malware

Researchers at Check Point, a cyber security solution provider, have recently detected a new malware variant that has been hitting smartphone users on the Google Play store.

Every now and then a new piece of mobile malware appears and puts users' data at risk. This time the malware affecting Android users without their knowledge is ‘Agent Smith’. Nearly 25 million devices across the globe, of which 15 million belong to Indian users, are under attack from this malware. It has been infecting applications without the knowledge of the user.

Let’s dig in and find out more about this new Android malware, as so far its primary targets are based in India more than in other Asian countries.

What is Agent Smith Malware?


The malware reaches the device through fraudulent adware, i.e. by showing ads that promise financial gains. Once it has entered your device through the loopholes, it replaces the original application with a malicious version of the same application without your knowledge. It also hides its icon from the launcher and impersonates an existing app.

This malware uses a just-in-time (JIT) approach on the device to infect native applications, which is why it was dubbed “Agent Smith”. So far it has used its adware capability for financial gain. However, although it is capable of more harmful attacks such as banking credential theft, none has been reported yet.

Agent Smith spreads through third-party applications such as 9Apps, games, adult entertainment, media players, system utilities and photography-related applications. The initial attack is carried out through the 9Apps market, with over 360 different dropper variants.

Phases of Agent Smith Attack


  • A dropper application (one with encrypted asset files) lures the user into installing it.
  • Once downloaded, the dropper app decrypts and installs its core malware APK, which then conducts malicious app updates disguised as Google Updater, Google Update for U or “com.google.vending”, hiding its malware icon.
  • The malware extracts the list of installed apps and finds its prey. Next, it extracts the base APK of the innocent app, patches the APK with malicious modules and installs the APK back, replacing the original one. The whole process is presented as if it were an update.

How to Detect?


The Agent Smith virus attaches itself to an application and spams your smartphone with ads. It can also behave the same way in other applications.

Applications diagnosed with this Android virus are:

  • Ludo Master - New Ludo Game 2019 For Free
  • Sky Warriors: General Attack
  • Color Phone Flash - Call Screen Theme
  • Bio Blast - Infinity Battle Shoot virus
  • Shooting Jet
  • Photo Projector
  • Cooking Witch
  • Angry Virus
  • Clash of Virus
  • Star Range
  • Rabbit Temple
  • Kiss Game: Touch Her Heart
  • Gun Hero - Gunman Game for Free
  • Girl Cloth X Ray Scan Simulator
  • Crazy Juicer - Hot Knife Hit Game & Juice Blast
  • Blockman Go: Free Realms & Mini Games

So, if you have any of the above-mentioned applications installed and out-of-context ads are displayed frequently, ‘Agent Smith’ may be the cause.

According to Check Point, most infections occurred on devices running Android 5 and 6, but there was a considerable number of successful attacks against newer Android versions too.
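A quick triage of a phone's installed packages, as an added example that is not part of the original advisory. It assumes the input is the text printed by `adb shell pm list packages -3 -i` (user-installed packages with their installer); the sample below is constructed and the `com.example.*` names are placeholders.

```python
import re

# Name the advisory says the core malware hides behind. The genuine
# Google Play Store package is com.android.vending.
DISGUISE_PACKAGE = "com.google.vending"
PLAY_STORE = "com.android.vending"

# One line of `pm list packages -i` output: package:<name>  installer=<name>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)(?:\s+installer=(?P<inst>\S+))?\s*$")


def parse_packages(text):
    """Return {package: installer or None} parsed from the listing."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and adb noise
        inst = m.group("inst")
        result[m.group("pkg")] = None if inst in (None, "null") else inst
    return result


def triage(text):
    """Return sorted (package, reason) pairs that deserve a closer look."""
    findings = []
    for pkg, inst in parse_packages(text).items():
        if pkg == DISGUISE_PACKAGE:
            findings.append((pkg, "uses the disguise name from the advisory"))
        elif inst != PLAY_STORE:
            findings.append((pkg, f"not installed by Google Play (installer={inst})"))
    return sorted(findings)


# Constructed sample listing, not taken from a real device.
SAMPLE = """\
package:com.whatsapp  installer=com.android.vending
package:com.google.vending  installer=null
package:com.example.ludo2019  installer=com.example.thirdpartystore
package:com.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, reason in triage(SAMPLE):
        print(f"{pkg}: {reason}")
```

An app that has already been replaced keeps its original package name, so this check surfaces the disguised updater and sideloaded droppers, not the patched apps themselves.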

 

 

How to remove Virus from Phone?


Check Point has worked closely with Google, and these infected applications have been removed from the Google Play store. But if you have any of these applications installed on your phone, it may affect other applications like WhatsApp and Flipkart.

However, if you have any of them installed, follow these steps to remove the ‘Agent Smith’ Android malware:

  • Immediately uninstall any applications on your device that appear in the list.
  • Install a reliable antivirus application (preferably a paid one, as a free version doesn’t cover complete scanning and security).
  • Beyond that, if your phone is under this attack, it is recommended to do a factory reset of your device to get rid of the malware completely.

Finally, to avoid this malware attack, do not install applications from third-party sources or APK files from the web.


