Researchers at Check Point Software Technologies LLC, have identified a new variant of malware for Android devices, that they have called “Agent Smith.” The application is reportedly disguising itself as Google related applications. It appears to be that most of the victims of the malware are located in India or other Asian countries, but a number of infected devices in the U.S., U.K., and Australia have been reported as well.
Researchers have determined that the malware is currently acting to display fraudulent advertisements for financial gain. However, the malware could be used for more intrusive or harmful purposes. The malware has the ability to hide its icon from the user as well as impersonate existing user applications. It is reported that the malware can infect smartphones that have been updated past Android v.7.
This version of malware has the ability to infect other predetermined common applications that could be on the device, by checking the installed applications. Applications such as WhatsApp, MXplayer and more may be potentially exploited by the malware. The malicious application was originally downloaded from a third-party app store called 9Apps. Many third-party app stores lack security measures to check apps on their store for malicious payloads.
Check Point recommends that if you suspect you have downloaded an application that could contain the “Agent Smith” malware, immediately navigate to your device’s application manager and uninstall the application. If you are unable to find it, they recommend uninstalling all recently installed applications. It is also recommended that you keep your device up to date with the latest version of the operating system available as they frequently release updates and patches to fix known vulnerabilities. As a reminder, experts suggest that you only download applications from trusted sources.
Email: firstname.lastname@example.org Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology