Agent Smith malware sneakily replaces all your apps

mobile malware
(Image credit: Shutterstock.com) (Image credit: Shutterstock.com)

Android users have been warned to watch out for a new form of mobile malware that cannibalises apps.

The malware, dubbed "Agent Smith" by researchers at Check Point Research, disguises itself as an official Google-related application to get embedded on a victim's device. 

It then exploits known Android vulnerabilities and automatically replaces installed apps – such as WhatsApp – with malicious versions without users’ knowledge or interaction, before showing fraudulent ads to the user, earning money for the criminals behind the operation. A new challenge for antivirus software.

Advanced threat

Check Point says that around 25 million devices have already been infected by the Agent Smith malware - 15 million of which in India, where it appeared on popular third-party app store 9Apps, but also in the UK, Australia and US.

The researchers say that although at the moment the malware may be more annoying than damaging, its effects could be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping.

“The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own,” said Jonathan Shimonovich, head of mobile threat detection research at Check Point Software Technologies. 

“Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like “Agent Smith”. In addition, users should only be downloading apps from trusted app stores to mitigate the risk of infection as third party app stores often lack the security measures required to block adware loaded apps.”

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.