If you have seen The Matrix, you must remember the antagonist, Agent Smith portrayed by Hugo Weaving. He is depicted as an AI computer program whose job is to end rogue human simulations that would disrupt the algorithms in the Matrix.
Taking a leaf from its page, a new mobile malware has been infecting smartphones across the globe. However, comparison of the malware with the character ends with sharing the name. The malware doesn’t target rogue programs but the smartphone’s OS and replaces existing applications with infected versions without the user being aware of the switches.
What Is Agent Smith Mobile Malware?
Agent Smith is a mobile malware which takes advantage of vulnerabilities of the operating system to switch installed apps with malicious versions. The replaced versions don’t steal data of the user, but it uses the ‘spiked’ apps to spam a large number of ads and steal credits from devices of the ads shown on the user’s devices.
If we look at it geographically, its biggest target has been India and has infected about 25 million devices across the globe. Experts say that its activities resemble some earlier malwares such as Hummingbird, Gooligan and CopyCat and are even infecting Smartphones versions 7 and above.
Agent Smith malware is believed to be developed by a Chinese company situated in Guangzhou for local developers to promote their products.
It first appeared on a third-party app store called 9Apps which targets users from Asia; especially the Indian subcontinent. Some of the countries which highest number of infections include India, Pakistan, Bangladesh, UK, Australia, and the US.
The main reason for this is that they primarily aim to infect users who speak languages other than English, i.e., Hindi, Bengali, Urdu, Arabic, Russian and Indonesian etc.
How to Protect your Device from Agent Smith?
Since these developers use devious methods such as websites to gain access, it is always recommended to use trusted marketplaces such as Google Play Store or App Store to download apps.
Using distrustful marketplaces might seem attractive as they often provide free versions of paid apps, but in turn they might take much more than subscription fees from the trusted marketplaces. As of now, Google Play Store has removed about 16 such apps that have been supposedly infected with this malware, namely, Flipkart, MX Player Opera, ShareIt and WhatsApp, to name a few.
For now, the malware is only used to augment products via spamming advertisements by replacing the apps, but in foresight, these apps may also be used for more malicious activities such as data theft, breach of privacy and fraudulency. To add to the woes, mobile malware detection is not possible as the malware hides itself by taking the form of these applications.
How Does the Agent Smith Malware Work?
Taking advantage of its capability of becoming virtually invisible, this malware can easily navigate between apps and steal various types of app data and identities. Then the program exploits vulnerable apps that have been installed in the app without making the user aware even with the help of a mobile malware scanner.
After this, they switch the simple app with the infected version. Even the best mobile malware removal software cannot detect and remove it.
It is interesting that instead of one, the malware targets a number of different weak points with the help of Bundle, Janus and Man-in-the Disk. When combined, this creates a 3-stage process to wreak havoc in the system. It is probably the first of its kind to use all these weapons to infect the devices.
One of the biggest concerns with Agent Smith is that it doesn’t only infect one app but continues to contaminate wherever it finds a loophole. Moreover, it also keeps self-updating the infected applications so that they can continue to advertise new products.
More about Agent Smith
It is known that 9Apps was the initial point where Agent Smith was spread across the globe. However, even the trusted marketplace Google Play Store couldn’t prevent itself from distributing some of the infected apps.
According to CheckPoint, about 11 apps on the marketplace were found to have dormant, yet malicious files embedded so that they can start their campaign at the first opportunity.
The malware is currently looking for loopholes to penetrate Google Play Store and waiting for the most appropriate opportunity to infect the APKs. However, users can take a sigh of relief as the infected apps have currently been disabled by the Google Play Store.
The best way to protect the attacks by Agent Smith is to employ hygienic practices by taking help of antimalware and antivirus software apps. Moreover, it is advised that any individual, or organisation should only download apps from trusted sources to minimise risks.
This malware infection epidemic provides a useful insight for developers and companies to create a safe application environment which is immune to malicious attacks by these types of stealthy malwares. It is crucial that app and system developers, organisations and users keep mobile malware protection a priority and disinfect their apps regularly.