New Malware, Agent Smith, Infected as Many as 25 Million Androids

News Agent Smith Malware Featured

At some point we seem to have become immune to the shock of large catastrophic events happening to our phone and devices. Sometimes it barely even registers as news.

This happens to be one of the times where it is registering as news but perhaps not as much as it should. A new malware, Agent Smith, has infected as many as 25 million Android devices, replacing installed apps with malicious versions of the same software without the user even knowing.

Agent Smith Poses as Installed Software

Security firm Check Point named the malware Agent Smith because of the crafty way it attacks devices without being detected. It has possibly infected up to 25 million devices.

Instead of stealing data from you, Agent Smith hacks the apps you already have installed on your Android phone or tablet and forces them to show more ads or will take credit for the existing ads to profit off them. According to Check Point, the malware looks for popular apps, such as WhatsApp, Opera Mini, etc., the replaces the code with its own code, preventing them from being updated.

Primarily, devices in India and its neighboring countries were infected by Agent Smith because it spread through a third-party app store popular in that area, hidden inside “barely functioning photo utility, games, or sex-related apps,” according to Check Point. After it’s downloaded, it shows up as being Google-related, then gets to work replacing code.

News Agent Smith Malware Android

It also hit the United States, infecting more than 300,000 devices. There was an attempt by the malware’s operator to reach the Google Play Store, getting eleven apps with simpler code than the other version added. It was never activated there, though, and Google has since removed the infected apps.

Boris Cipot, senior security engineer at Synopsys Integrity Group, notes how easy it is to be infected. With downloading apps being a “five-second act,” he notes that “once you’ve confirmed the install, it’s too late to change your mind.”

Additionally, he explains that the spreading of malware through apps is a “widely accepted practice” because there is “access to many user interaction points” that can help an attacker spread the malware. “Since users often do not check details around what software is being used within the app and who created it, attackers have many opportunities to push their malware on user devices.”

Preventing Malware Attacks Through App Stores

Cipot suggests, “One way to remain vigilant against attacks is to only use app stores with strict application development policies and reviews. Be observant and cautious with regard to what you install on your mobile devices.

“Before confirming installation, have a look to see where the app comes from, if there are reliable sources reviewing the app, and investigate the default permissions.”

Were you hit by the Agent Smith malware? How do you plan to stay safe from it? Chime in to the comments below and let us know your experience.

Laura Tucker Laura Tucker

Laura has spent nearly 20 years writing news, reviews, and op-eds, with more than 10 of those years as an editor as well. She has exclusively used Apple products for the past three decades. In addition to writing and editing at MTE, she also runs the site's sponsored review program.


  1. To all who is thinking something’s wrong with your phone or if it is acting weirdly,
    Reboot your phone to safe mode and uninstall the suspicious app which you think is not installed by you intensionally.
    And also remove apps which is not from playstore or any untrusted sources.
    Reboot back to system.

    1. “also remove apps which is not from playstore or any untrusted sources”
      Very sage advice. Didn’t Google delete around 700,000 apps from its store recently because they contained malware? See also Laura Tucker’s article “Google Adds to Its Malware Woes with Yet Another Found in Google Play Store”. So much for “trusted” sources! If you can’t trust Google, who can you trust?

      1. yes i agree.
        but those apps were removed before it could spread.
        majority of them download without referring to permissions it asks prior every install.
        i mean, that is why playstore has such safety interface presented to users that whether agree and download.
        no one is perfect here.
        come on users! wake up!

        1. “but those apps were removed before it could spread”
          No. These apps were removed precisely because they DID spread and the affected users complained. Those apps should have never been put in the Play Store in the first place.

          Google has very poor record of vetting applications that are placed in the Play Store. Anybody can add an app they developed to the Play Store. Nobody at Google will review the app until users start complaining. That is no way to run a software repository. No other software provider is that sloppy in maintaining their store.

  2. Ironic isn’t it. How many malicious apps on Apple’s IOS. Precious few if any. That is because Apple tests everything that wants to be in their repositories. About the only thing positive I can say about Apple. Ironically.

Comments are closed.