‘Agent Smith’ infects 15mln devices in India: 5 things you need to know about the malware

‘Agent Smith’ has affected over 25 million devices around the world. Disguised as a Google app, the malware is capable of replacing apps installed on the device with malicious versions without you ever finding out.

Updated on: Jul 11 2019, 16:44 IST
‘Agent Smith’ malware explained (Checkpoint)

CheckPoint Research, a cyber security firm, has discovered a dangerous piece of malware. Dubbed 'Agent Smith', the malware has affected 25 million devices around the world. About 15 million mobile devices in India were infected by the malware, according to CheckPoint's report.

What is Agent Smith malware and how does it work?

The malware appears as a Google-related application, and the core part of the malware is capable of exploiting several Android vulnerabilities. The malware quietly replaces the apps originally installed on the device with infected versions, without users' knowledge or consent.

When and how was it detected?

CheckPoint researchers revealed they observed a steep hike in malware attacks on Android devices in India earlier this year. After further investigation, researchers discovered a common pattern in the way the malware works.

"The core malware is usually disguised as Google Updater, Google Update for U or "com.google.vending". The core malware's icon is hidden," said researchers in a blog post.

Here's how Agent Smith malware works (Checkpoint)

Researchers pointed out that "Agent Smith" droppers were mainly distributed through app stores other than Google's and Apple's, such as "9Apps", which is a UC-backed platform targeted at Hindi, Arabic, Russian and Indonesian speaking users.

What do cyber criminals gain from the malware?

According to the report, Agent Smith malware can help hackers gain access to affected users' critical data such as banking credentials. It can also eavesdrop on users without their knowledge. While the malware is unique, it does bear a resemblance to the Gooligan, Hummingbad and CopyCat malware campaigns.

Impact of Agent Smith

Researchers revealed the top five most infectious droppers had been downloaded over 7.8 million times. Some of these apps are Color Phone Flash - Call Screen Theme, Photo Projector, Rabbit Temple, and Kiss Game: Touch Her Heart.

India was one of the worst affected nations with 15 million devices. Researchers said other Asian countries such as Pakistan and Bangladesh were also affected. Countries such as the UK, US and Australia also suffered.

Should you be worried?

CheckPoint claims it has worked closely with Google to remove all such malicious apps from the Google Play Store. Users are advised to download applications only from trusted app stores and to avoid applications that are intrusive. For instance, a flash or mobile torch app should not ask for permission to access your contacts. Regularly visit Google's privacy dashboard to keep an eye on your device activity. Two-step verification for important log-ins is a must for everyone.




First Published Date: 11 Jul, 16:43 IST