Check Point Security Discovers Agent Smith In Android Devices

Over 25 million mobile phone users have had an unfortunate run-in with the malware version of Agent Smith – the computer-generated arch-villain that the valiant human hero Thomas A. Anderson/Neo battles against in the Matrix movie franchise. The malicious code was packaged inside game, photo and adult content apps on unofficial Android app stores, where unsuspecting individuals looking for a fun diversion could download them.

The malware was originally discovered by security analysts at Check Point Research earlier in July. Their experts reported identifying over 360 different dropper strains – a dropper being a method for infecting a device through multiple stages – of the malware, which has been circulating amongst mobile users for the past two years. Agent Smith was originally downloaded from the popular third-party app store 9Apps and predominantly targeted users in India (15 million of the 25 million cases) and other Asian countries like Pakistan and Bangladesh.

When installed, the Agent Smith malware replaces authentic Android apps with an ill-intentioned simulacrum that floods the user’s phone with ads. The software can also monetize genuine advertisements by seizing an ad event and reporting back to the ad manager with the cyberhacker’s own campaign ID. Researchers say that while the effects could be categorized as more annoying than damaging, the malware could be far more devastating if it were designed to seize more sensitive information – such as banking credentials.

“The core malware extracts the device’s installed app list,” Check Point’s researchers explained. “If it finds apps on its prey list (hard-coded or sent from C&C server), it will extract the base APK of the target innocent app on the device, patch the APK with malicious ads modules, install the APK back and replace the original one as if it is an update.”
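A defender-side check for the replace-as-update behaviour described above, as an added example (not code from Check Point or the original article): it compares two inventories of installed apps and flags any app whose base APK changed without a trusted installer of record or a version increase. The snapshot line format, the trusted-installer list, the two heuristics and the sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumption: installers this fleet treats as trusted (Google Play's package name).
TRUSTED_INSTALLERS = {"com.android.vending"}

@dataclass(frozen=True)
class AppRecord:
    package: str
    installer: str     # installer of record; "null" stands for a sideloaded app
    version_code: int
    apk_sha256: str    # digest of the app's base APK

def parse_snapshot(text):
    """Parse 'package installer versionCode sha256' lines into a dict by package."""
    records = {}
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        package, installer, version, digest = line.split()
        records[package] = AppRecord(package, installer, int(version), digest.lower())
    return records

def find_suspicious_updates(before, after):
    """Return {package: [reasons]} for apps whose base APK changed suspiciously."""
    findings = {}
    for package, new in after.items():
        old = before.get(package)
        if old is None or old.apk_sha256 == new.apk_sha256:
            continue  # newly installed or unchanged: out of scope for this check
        reasons = []
        if new.installer not in TRUSTED_INSTALLERS:
            reasons.append("replaced by untrusted installer " + new.installer)
        if new.version_code <= old.version_code:
            reasons.append("APK changed without a version increase")
        if reasons:
            findings[package] = reasons
    return findings

# Constructed sample snapshots (package names and digests are made up).
BEFORE = """
com.example.chat   com.android.vending 410 aa11
com.example.photos com.android.vending 77  bb22
com.example.game   com.android.vending 12  cc33
"""
AFTER = """
com.example.chat   com.android.vending 411 aa99
com.example.photos null                77  bb66
com.example.game   com.android.vending 12  cc33
"""
```

In the sample data only `com.example.photos` is flagged: `com.example.chat` also changed, but through a trusted installer and with a higher version code, which is what a normal store update looks like.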

Users are being asked to take the red pill and embrace the harsh truth that their mobile phone is not a tranquil oasis of secured information and entertainment: the ugly reality is that cyberhackers can access an individual’s personal information without them knowing it, which underscores the importance of protecting devices from threats seen and unseen.

“The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own,” said Jonathan Shimonovich, Head of Mobile Threat Detection Research at Check Point Software Technologies. “Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like ‘Agent Smith’. In addition, users should only be downloading trusted apps from trusted app stores to mitigate the risk of infection as third-party app stores often lack the security measures required to block adware loaded apps.”

“Hygiene-first” refers to a set of best practices that can be used to protect against cyber-attacks, including changing passwords regularly, ensuring all software is updated regularly, limiting the number of users with access to accounts, making use of a secondary backup source, and purchasing reputable cybersecurity software such as Check Point’s SandBlast Mobile product. Check Point advises that developing comprehensive cybersecurity procedures – in conjunction with enterprise-wide security practices – can assist with maintaining a sound security position that can stop attackers.

In the words of the original Matrix AI with attitude, Agent Smith, who was eventually foiled by Thomas A. Anderson/Neo’s efforts to save mankind from a full-scale digital incursion: “Hmm, Mr. Anderson. You disappoint me.”