Stay informed about cyber awareness training topics and mitigate risk in your organisation.

Scam of the Week: 25 Million Smartphones Infected with ‘Agent Smith’ Malware

Agent Smith Malware

Android users are being warned to watch out for a new type of malware that has already infected over 25 million smartphone devices worldwide.

Dubbed ‘Agent Smith’ by researchers at Check Point Technologies, the malware disguises itself as an official Google-related app to get installed within the user’s device.

By exploiting vulnerabilities within the Android operating system, the malware automatically replaces installed apps, such as WhatsApp, with a malicious version without the user even noticing. The new version then displays fraudulent ads to generate income for the crooks behind the scam.

Image: Agent Smith Attack Method (Source: Check Point)

Scam of the Week: 25 Million Smartphones Infected with ‘Agent Smith’ Malware

At this stage, the malware appears to be more annoying than damaging; however, researchers believe it could potentially be used for much more dangerous purposes such as stealing sensitive bank details or spying on someone through a compromised webcam.

“Indeed, due to its ability to hide its icon from the launcher and impersonate existing user-trusted popular apps, there are endless possibilities for this sort of malware to harm a user’s device,” said Jonathan Shimonovich, head of mobile threat detection at Check Point.

The dangerous malware, named after the menacing character in the Matrix film series, is thought to have originated from a Chinese company that specialises in helping developers publish their apps in foreign markets.

The largest number of infected devices were in India, Pakistan, Bangladesh, and Indonesia. However, around 330,000 devices have been infected in the US, with a further 137,000 in the UK. 

Image: Agent Smith Global Infection Rates

Scam of the Week: 25 Million Smartphones Infected with ‘Agent Smith’ Malware

The app has spread rapidly throughout the world due to a vulnerability that was patched several years ago in Android but does not appear to have been routinely updated by developers. The global infection highlights the importance of regular app updates and android security patches.

To prevent your device from being infected you should:

  • Regularly check your apps – If you see any suspicious apps running on your phone, you should delete these immediately.
  • Install Anti-virus software – Anti-Virus software will help detect threats and prevent unauthorised access to your device.
  • Only install apps from trusted sources – Take the time to research both the app and its publishers and read reviews from other users to make sure the app is legitimate and worth downloading.
  • Update phone software – Malicious apps will often take advantage of older versions of browsers. It’s vital you install the latest software updates on your phone.

If you believe your device has been infected with Agent Smith Malware, there are a number of steps you can take to remove the infected app from your device:

For Android:

1. Go to Settings Menu.

2. Click on Apps or Application Manager.

3. Scroll to the suspected app and uninstall it.

4. If you are unable to find it, remove all recently installed apps.

For iPhone:

1. Go to Settings Menu.

2. Scroll to ‘Safari’.

3. On the list of options, select ‘block pop-ups’.

4. Then go to ‘Advanced’ -> ‘Website Data’.

5. Delete any unrecognised sites

MetaPhish provides a powerful defence against phishing and malware attacks by training employees how to identify and respond appropriately to these threats. Get in touch for further information on how we can help protect your business.

about the author

sharing is caring

Share on linkedin
Share on twitter
Share on facebook

you might enjoy reading these

Request Demo

The personal information that you provide to us in this form will only ever be used by MetaCompliance (as the Data Controller) for the following specifically defined purposes:

  • email you content that you have requested from us
  • with your consent, occasionally email you with targeted information regarding our service offerings
  • continually honour any opt-out request you submit in the future
  • comply with any of our legal and/or regulatory obligations