Agent Smith Mobile Malware

"Agent Smith" is Android malware recently discovered by Check Point security researchers. It has infected around 25 million devices worldwide and is spreading at an alarming rate. Most of the victims are located in India, Pakistan and Bangladesh, followed by the UK, Australia and the US.

The malware is embedded as an encrypted APK file in free game and photo editor applications, and these applications are also present in trusted markets such as the Google Play store. After the victim installs one of these applications, the core part of the malware (the embedded encrypted APK file) is decrypted, installed and executed without user interaction, and then removes its icon, all by way of various known vulnerabilities and attacks such as Janus, Bundle and Man-in-the-Disk. The core malware then replaces the legitimate apps installed on the device with malicious versions (with malicious code injected), again without user interaction.

To select which installed applications on the victim's device to infect, the malware uses an application list that is either hard-coded in its code or received from a C&C server. In the versions of "Agent Smith" observed so far, the malware has been used for financial gain only, through malicious advertisements. However, it could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping.

Symptoms of infection
Infected legitimate apps installed on the device, such as WhatsApp, show advertisements.

Methods of Cleaning an Infected Mobile Device
Identify and uninstall applications containing malicious code in the "application manager" or "apps" section of the device settings. If the malicious applications cannot be identified, uninstall all recently installed apps.

Methods of Infection Prevention
The following recommendations can play a significant role in preventing mobile phones from being infected by the above-mentioned malware.

  • Download and install applications from trusted sources
    To minimize the probability of installing malware, it is better to download and install applications from trusted sources such as the Google Play store, although, based on observed security news, there is still a probability of installing malware from any source.
  • Update the Android operating system of the device
    To prevent hackers from exploiting known Android vulnerabilities, it is better to update the Android operating system to the latest version available for the device.
  • Use APK Signature Scheme v2 (for Android application developers)
    To counter the Janus vulnerability, it is recommended that Android developers sign their applications with APK Signature Scheme v2.
  • Install anti-virus software and update it periodically
    In recent years, the widespread prevalence of malware and viruses on Android mobile devices has caused many problems for smartphone users, so installing an anti-virus program is essential to prevent Android devices from being infected and malware from spreading.

Also, always use a trusted and reliable anti-virus program and update it periodically so that newly released malware is detected as soon as possible.
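
As an added example (not part of the original advisory), the following Python sketch checks raw APK bytes for the two things the Janus recommendation above is about: whether an APK Signing Block with a v2 signature pair is present, and whether the file starts with DEX bytes instead of a ZIP header. The function names and sample inputs are constructed for illustration; the check covers presence only and does not verify the signature.

```python
import struct

EOCD_SIG = b"PK\x05\x06"               # ZIP End of Central Directory record
SIG_BLOCK_MAGIC = b"APK Sig Block 42"  # trailer of the APK Signing Block
V2_SCHEME_ID = 0x7109871A              # ID of the v2 signature pair
DEX_MAGIC = b"dex\n"                   # a normal APK starts with "PK", not this

def inspect_apk(data: bytes) -> dict:
    """Report v2 signing-block presence and a DEX prefix in raw APK bytes."""
    report = {"is_zip": False, "has_v2_block": False,
              "dex_prefix": data.startswith(DEX_MAGIC)}
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        return report
    report["is_zip"] = True
    cd_offset = struct.unpack_from("<I", data, eocd + 16)[0]
    # Layout directly before the central directory:
    # uint64 size | ID-value pairs | uint64 size | 16-byte magic
    if cd_offset < 32 or data[cd_offset - 16:cd_offset] != SIG_BLOCK_MAGIC:
        return report
    size = struct.unpack_from("<Q", data, cd_offset - 24)[0]
    start = cd_offset - size - 8
    if start < 0 or struct.unpack_from("<Q", data, start)[0] != size:
        return report
    pos, end = start + 8, cd_offset - 24
    while pos + 12 <= end:
        pair_len, pair_id = struct.unpack_from("<QI", data, pos)
        if pair_len < 4 or pos + 8 + pair_len > end:
            break  # malformed pair, stop parsing
        if pair_id == V2_SCHEME_ID:
            report["has_v2_block"] = True
        pos += 8 + pair_len
    return report

def sample_apk(prefix: bytes = b"", v2: bool = False) -> bytes:
    """Constructed input: an empty ZIP with optional prefix bytes and v2 pair."""
    block = b""
    if v2:
        pair = struct.pack("<QI", 8, V2_SCHEME_ID) + b"\x00" * 4
        size = struct.pack("<Q", len(pair) + 24)
        block = size + pair + size + SIG_BLOCK_MAGIC
    body = prefix + block
    return body + EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, len(body), 0)

if __name__ == "__main__":
    print(inspect_apk(sample_apk(v2=True)))
    print(inspect_apk(sample_apk(prefix=b"dex\n035\x00")))
```

A file that reports `dex_prefix` together with `is_zip` and no v2 block has the shape a v1-only signature does not protect, which is why the v2 scheme is recommended above.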