Cyber-security is one of the major concerns that the world is dealing with today. Devious variants of Ransomware, Spyware & Viruses seem to spring up every now & then, to steal users' personal information & extort money from them.
While renowned cyber-security firms assure that most of such issues are under control, the attack of Agent Smith Virus melted the veil away.
Agent Smith Virus is a new variant of Android malware that came into the limelight last week. It has infected over 25 Million Android users around the globe so far, including 15 million mobile devices in India.
This new advertising malware targets the infected devices with dubious & malicious pop-up ads when the users open their apps.
Reports by Check Point, an Israel-based IT firm, state that Agent Smith Virus is propagating its infection through unverified apps that are available on third-party app stores.
| Targeted Operating System | Android |
| Symptoms | Appearance of dubious ads while using apps such as WhatsApp, Flipkart, Twitter |
Agent Smith Virus, a new kind of advertising malware, is taking over Android Devices at an alarming rate. It has been specifically created to target Android Devices with dodgy pop-up ads & generate illicit revenue in return.
Reports credit Check Point as the whistle-blower for this Android Malware. It is an Israel-based cyber-security firm that conducted a detailed analysis of this malware’s threat behavior.
The analysis revealed that Agent Smith Malware is spreading its infection via third-party App Stores such as 9apps.com & exploiting known vulnerabilities of Android OS. The virus takes cover in the photography & gaming apps available on third-party app stores.
The Virus has infected over 25 Million Android Users world-wide, including 15 Million in India, 300,000 in the United States & 137,000 in the United Kingdom. Other countries that have been impacted by Agent Smith Virus include Pakistan, Australia & Bangladesh.
The Check Point team observed that users often tend to allow “All” the permissions an application requests while installing it. The hackers behind Agent Smith Virus take advantage of this incautious attitude of mobile users.
1). The attack begins with an app downloaded from a third-party app store. These applications are typically dubious versions of legit apps that are laden with advertising malware.
2). Once the user downloads & installs these apps, Agent Smith Malware leverages the permissions given to the app. It gets installed on the device simultaneously & renames itself as a Google-related application to get an “authentic” look. These names may include Google Updater, Google Themes, Google Powers & Google Installer for U. By exhibiting an association with Google, this devious virus escapes detection.
3). Thirdly, the core Android Package File (.apk) of the malware extracts a list of the apps installed on the device & scans it for the targeted apps. When a targeted app is found, the virus injects malicious code & ad modules into the .APK File of that app. This way it infects legit applications to serve pop-up ads whenever the user opens them.
Some legitimate apps such as WhatsApp, Flipkart & Opera Browser have been reported to be replaced by malicious versions that serve ads. As per the researchers, the ads are not malicious. However, the ad fraud scheme initiated by the hackers earns them money for every intentional/unintentional click on the injected ads.
Not only this, the attack of Agent Smith Malware may also lead to cyber-security breaches, eavesdropping, data theft & theft of banking credentials.
Though the malvertising scheme has been initiated from a third-party app store, the official Android App Store wasn’t untouched.
The researchers found around 11 infected apps with malicious yet dormant code components on the Google Play Store. The malicious components were found associated with the Agent Smith Virus actor.
As soon as Google realized the impact of the malware, it took countermeasures & removed the malicious applications from the Play Store. The Agent Smith virus-laden apps are no longer available for download.
Some of the malicious applications that have been removed by Google include –
The researchers have found that Agent Smith Malware has been around since January 2016. The hackers behind Agent Smith Virus began plotting an array of dropper apps by taking cover in a third-party App Store, 9apps.com, thus making it the prime distribution channel.
9apps.com is a third-party App Store that is typically used to download modified/cracked versions of software.
The dropper applications available on 9apps contain Agent Smith Virus masquerading as free gaming apps, photography apps & some adult-entertainment applications.
When these virus-laden apps are downloaded & installed on a user’s phone, the malware searches for legit applications on the device such as WhatsApp, MX Player, Flipkart and Shareit. When found, it inserts malicious code into the .APK Files of the apps.
The applications are then replaced with their malicious versions, which serve dubious pop-up ads whenever the user opens the application.
Identifying the presence of Agent Smith Malware on your Android Device is fairly simple. The following checks can help you detect the new advertising malware on your smart-phone.
1). Open Google Play Store on your device.
2). Click on (≡) given at top-left of the screen.
3). Find “Play-Protect” from the list & click on it.
4). Look for the applications that are flagged as harmful by the Play-Protect.
5). Uninstall the harmful applications, if any, until “No Harmful apps found” displays.
1). Open “Settings” on the smart-phone & go to “Apps” section.
2). Look for suspicious programs such as “Google Updater”, “Google Themes”, “Google Powers” and “Google Installer for U” in the list of Applications.
3). Click on “Uninstall” to delete the application from the device.
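The manual check above, applied to a whole app inventory at once: the following Python is an added example, not code from Check Point or from this guide. The CSV inventory format, the sample rows and the `example.*` package names are constructed for illustration; `com.android.vending` is the package name of the Google Play Store app.

```python
import csv
import io

# App labels the article lists as Agent Smith's Google lookalikes.
LOOKALIKE_LABELS = {
    "google updater", "google themes", "google powers", "google installer for u",
}
PLAY_STORE_INSTALLER = "com.android.vending"  # Google Play Store's package name

# Constructed inventory; the example.* package names are made up.
SAMPLE_INVENTORY = """\
label,package,installer
WhatsApp,com.whatsapp,com.android.vending
Google Updater,example.dropper.updater,
Photo Fun Camera,example.photo.fun,example.thirdparty.store
google  themes,example.dropper.themes,example.thirdparty.store
Google Play services,com.google.android.gms,com.android.vending
"""


def normalize(label):
    """Lower-case and collapse whitespace so spacing/case tricks still match."""
    return " ".join(label.lower().split())


def triage(inventory_csv):
    """Return (label, package, reason) for every app that needs attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        installer = (row["installer"] or "").strip()
        if normalize(row["label"]) in LOOKALIKE_LABELS:
            # Matches a name the article says to uninstall.
            findings.append((row["label"], row["package"], "lookalike-name"))
        elif installer != PLAY_STORE_INSTALLER:
            # Sideloaded or installed by another store: review manually.
            findings.append((row["label"], row["package"], "not-from-play-store"))
    return findings


if __name__ == "__main__":
    for label, package, reason in triage(SAMPLE_INVENTORY):
        print(f"{reason:20} {label!r} ({package})")
```

Apps reported as `lookalike-name` correspond to the names listed in step 2; apps reported as `not-from-play-store` did not come from the official store and deserve a closer look.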
1). Go to “Settings” on your Android Device.
2). Now go to “System Settings”.
3). Find the option “Backup & Reset”. Back up your data (Images, Videos, Documents and Installed Applications) on a backup account (e-mail or Google Drive).
4). Once the backup of your data has been created, click on “Factory Data Reset”.
5). A confirmation option will appear. Click on the option to proceed with re-setting the device.
Following good cyber-security practices & being cautious while surfing the net & downloading/installing applications may help prevent Agent Smith Malware infection:
1). Do not use third-party App Stores to download applications (modified/cracked versions). These App Stores may offer an .APK File of a paid application for free. However, please note that nothing is free in today’s digital world; somewhere someone is benefiting from it.
2). Always download applications from the Official Android App Store – Google Play Store.
3). Avoid downloading gaming/photography apps from unknown sources.
4). If you observe that legit applications installed on your device are exhibiting unexpected behavior or displaying ads, delete them immediately. Install them again from the Official Android App Store only.
5). Keep your Android Device System & installed-applications updated to the latest version.
7). Enable the Ad-Blocker on the browser you use to browse on your Android device. This will help you stay protected from infuriating adware.
8). Ensure “security options” given in the Play-Protect are enabled. This will help Google to check your device, prevent & warn you about the potential harm from the applications.
9). Be careful while installing an application on your Android Device. Do not give an app permissions that it does not need for its function. Avoid installing apps that ask for them.
10). Remove the applications that have been marked as harmful by Play-Protect, immediately. Be vigilant & do not give any room to the hackers to succeed in their fraudulent schemes.