Is your android infected with Agent Smith? Here is how to check.


Agent Smith is a malware that effects smartphone, tablets, and other android based devices. According to the report by the checkpoint, this malware has affected about 25 million devices while users remain unaware of the malware.

Check Point believes that the ‘Agent Smith’ malware originated in China via an internet firm that helps Chinese Android app developers to localize and publish their apps in foreign markets. It’s spread through a third-party app store called 9Apps that is popular in Asian markets.

The malware gained its name because it mimics the famous Matrix character, as it hacks apps and forces them to show more ads and then siphons the ad revenue by taking credit for ads already shown

Agent Smith has mainly infected devices in India, Pakistan, and Bangladesh. However, around 303,000 devices have been infected in the US and further 137,000 devices in the UK. Some of the apps that ended up being infected include
  • WhatsApp
  • lenovo.anyshare.gps
  • mxtech.videoplayer.ad
  • jio.jioplay.tv
  • jio.media.jiobeats
  • jiochat.jiochatapp
  • jio.join
  • good.gamecollection
  • opera.mini.native
  • startv.hotstar
  • meitu.beautyplusme
  • domobile.applock
  • touchtype.swiftkey
  • flipkart.android
  • cn.xender
  • eterno
  • truecaller
Agent smith's Attack flow

Check Point also says that the malware’s operator seems to have attempted to expand into the Google Play Store. It managed to turn up in 11 apps on the Play Store, all of which included code related to a simpler or previous version of the Agent Smith malware. The report notes that the malware remained inactive or dormant, with Google removing all of the apps deemed ‘infected’ or ‘at risk’.

Also Read: Russian spy whale saves a woman's iPhone


 The core reason this app has spread is due to a vulnerability that was patched several years ago within Android but relied on developers updating their apps to add the protection. It’s clear that many have not done so according to these reports. It reiterates the importance of both app updates and Android security patches.

Does your phone still contain this malware?

Check Point says that it has informed Google about what it found on Agency Smith and that Google has cleaned the Play store to remove the apps that were infected with it. "So far, the primary victims are based in India through other Asian countries such as Pakistan and Bangladesh have also been impacted. Check Point has worked closely with Google and at the time of publishing, no malicious apps remain on the Play Store," the company notes.

But it is possible that your Android phone may have it. If you are getting too many ads on your phone, particularly sleazy or dubious ads, scan your phone with a good anti-virus app. At the same time, always follow good security practices. These are:

-- Don't download apps from third-party app stores like 9Apps. it's not worth it, even if you are getting an APK of a paid app for free. If it's free, do understand someone somewhere is benefitting from it. Always download apps from the official Google Play store.

-- If you suspect your phone is infected with Agent Smith, delete data of popular apps like WhatsApp and Flipkart by going into settings and reinstall these apps. Or rather do a factory reset.

-- Update your apps regularly via Google Play

-- Ideally, avoid sleazy apps or gaming apps from unknown sources.

-- While installing an app, carefully look at the permission it is asking for. Ideally, a gaming app should not ask for camera permission or photo app should not ask for network permission. Don't install an app if it seems dubious.

Share this

Related Posts

Previous
Next Post »