Skip to main content

Report: ‘Agent Smith’ malware infected over 25 million Android devices

Malware is something that affects all platforms, be that smartphones, tablets, and desktops. According to a report by security firm Check Point, the ‘Agent Smith’ malware has infected more than 25 million Android devices with its malicious ad injection.

Check Point believes that the ‘Agent Smith’ malware originated in China via an internet firm that helps Chinese Android app developers to localize and publish their apps in foreign markets. It’s spread through a third-party app store called 9Apps that is popular in Asian markets.

The malware gained its name because it mimics the famous Matrix character, as it hacks apps and forces them to show more ads and then siphons the ad revenue by taking credit for ads already shown.

Agent Smith has mainly infected devices in India, Pakistan, and Bangladesh. However, around 303,000 devices have been infected in the US and a further 137,000 devices in the UK. Some of the apps that ended up being infected include WhatsApp, Opera, MX Video Player, Flipkart, and SwiftKey.

Check Point also says that the malware’s operator seems to have attempted to expand into the Google Play Store. It managed to turn up in 11 apps on the Play Store, all of which included code related to a simpler or previous version of the Agent Smith malware. The report notes that the malware remained inactive or dormant, with Google removing all of apps deemed ‘infected’ or ‘at risk’.

The core reason this app has spread is due to a vulnerability that was patched several years ago within Android but relied on developers updating their apps to add the protection. It’s clear that many have not done so according to these reports. It reiterates the importance of both app updates and Android security patches.

More on Android:

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:

Comments

Author

Avatar for Damien Wilde Damien Wilde

Damien is a UK-based video producer for 9to5Google.

Find him on Threads: @damienwildeyt

Email: damien@9to5mac.com / secure email: damienwilde@protonmail.com


Damien Wilde's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications