Malware is something that affects all platforms, be that smartphones, tablets, and desktops. According to a report by security firm Check Point, the ‘Agent Smith’ malware has infected more than 25 million Android devices with its malicious ad injection.
Check Point believes that the ‘Agent Smith’ malware originated in China via an internet firm that helps Chinese Android app developers to localize and publish their apps in foreign markets. It’s spread through a third-party app store called 9Apps that is popular in Asian markets.
The malware gained its name because it mimics the famous Matrix character, as it hacks apps and forces them to show more ads and then siphons the ad revenue by taking credit for ads already shown.
Agent Smith has mainly infected devices in India, Pakistan, and Bangladesh. However, around 303,000 devices have been infected in the US and a further 137,000 devices in the UK. Some of the apps that ended up being infected include WhatsApp, Opera, MX Video Player, Flipkart, and SwiftKey.
Check Point also says that the malware’s operator seems to have attempted to expand into the Google Play Store. It managed to turn up in 11 apps on the Play Store, all of which included code related to a simpler or previous version of the Agent Smith malware. The report notes that the malware remained inactive or dormant, with Google removing all of apps deemed ‘infected’ or ‘at risk’.
The core reason this app has spread is due to a vulnerability that was patched several years ago within Android but relied on developers updating their apps to add the protection. It’s clear that many have not done so according to these reports. It reiterates the importance of both app updates and Android security patches.
More on Android:
- PSA: Google Messages Beta v4.7 crashes immediately on startup
- It’s okay for Google to kill your favorite features — in fact, they must
- Report: Over 1,000 Android apps take your data, even despite permission blocks