Scam of the Week: 25 Million Smartphones Infected with ‘Agent Smith’ Malware

July 18, 2019 10:53 am | Geraldine Strawbridge | Agent Smith Malware

Android users are being warned to watch out for a new type of malware that has already infected over 25 million smartphone devices worldwide.

Dubbed ‘Agent Smith’ by researchers at Check Point Technologies, the malware disguises itself as an official Google-related app to get installed on the user’s device.

By exploiting vulnerabilities within the Android operating system, the malware automatically replaces installed apps, such as WhatsApp, with a malicious version without the user even noticing. The new version then displays fraudulent ads to generate income for the crooks behind the scam.

Image: Agent Smith Attack Method (Source: Check Point)

At this stage, the malware appears to be more annoying than damaging; however, researchers believe it could potentially be used for much more dangerous purposes such as stealing sensitive bank details or spying on someone through a compromised webcam.

“Indeed, due to its ability to hide its icon from the launcher and impersonate existing user-trusted popular apps, there are endless possibilities for this sort of malware to harm a user’s device,” said Jonathan Shimonovich, head of mobile threat detection at Check Point.

The dangerous malware, named after the menacing character in the Matrix film series, is thought to have originated from a Chinese company that specialises in helping developers publish their apps in foreign markets.

The largest number of infected devices were in India, Pakistan, Bangladesh, and Indonesia. However, around 330,000 devices have been infected in the US, with a further 137,000 in the UK. 

Image: Agent Smith Global Infection Rates

The app has spread rapidly throughout the world due to a vulnerability that was patched in Android several years ago, but apps do not appear to have been routinely updated by developers. The global infection highlights the importance of regular app updates and Android security patches.

To prevent your device from being infected you should:

  • Regularly check your apps – If you see any suspicious apps running on your phone, you should delete these immediately.
  • Install anti-virus software – Anti-virus software will help detect threats and prevent unauthorised access to your device.
  • Only install apps from trusted sources – Take the time to research both the app and its publishers and read reviews from other users to make sure the app is legitimate and worth downloading.
  • Update phone software – Malicious apps will often take advantage of older versions of browsers. It’s vital you install the latest software updates on your phone.

If you believe your device has been infected with Agent Smith malware, there are a number of steps you can take to remove the infected app from your device:

For Android:

1. Go to Settings Menu.

2. Click on Apps or Application Manager.

3. Scroll to the suspected app and uninstall it.

4. If you are unable to find it, remove all recently installed apps.

For iPhone:

1. Go to Settings Menu.

2. Scroll to ‘Safari’.

3. On the list of options, select ‘block pop-ups’.

4. Then go to ‘Advanced’ -> ‘Website Data’.

5. Delete any unrecognised sites.
