A new malware is in town and it's spreading like wildfire… it is called Agent Smith. The malware has already infected over 25 million Android smartphones, and the number is still growing.
Dubbed after the iconic villain from The Matrix film, the malware replaces apps such as WhatsApp with fake ones that generate ad revenue for the owners of the program.
The new variant of mobile malware has infected around 25 million devices worldwide, with many users unaware that the virus is currently on their device. Devices in the UK, US, Australia, India, Pakistan and Bangladesh have been greatly impacted.
How Does Agent Smith Malware Work?
The malware disguises itself as a Google-related application and automatically replaces installed apps on the phone with malicious versions without the user’s knowledge. The attack proceeds in 3 major stages:
1. The attacker lures users to download a dropper application from a third-party app store such as 9Apps. These droppers are usually disguised as free games, utility applications or adult entertainment applications, yet contain an encrypted malicious payload.
The dropper application then checks whether any popular applications from the attacker’s pre-determined list, such as WhatsApp, MXplayer, ShareIt and more, are installed on the device. If any targeted application is found, “Agent Smith” will then attack those innocent applications at a later stage.
2. Once the dropper gains a foothold on the victim’s device, it automatically decrypts the malicious payload into its original form: an APK (Android installation file), which serves as the core part of the “Agent Smith” attack.
3. At this stage, Agent Smith launches an attack on each installed application on the device that appears on the target list.
How to Remove it From Infected Smartphones
If you have been infected by apps such as those described in “Agent Smith”, here is how to remove them.
1. Go to Settings Menu
2. Click on Apps or Application Manager
3. Scroll to the suspected app and uninstall it
4. If it can’t be found, then remove all recently installed apps
1. Go to Settings Menu
2. Scroll to ‘Safari’
3. On the list of options, ensure that ‘block pop-ups’ is selected
4. Then go to ‘Advanced’ -> ‘Website Data’
5. Delete any unrecognised sites listed
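
For the Android uninstall steps above, the following added example (not part of the original article) helps shortlist suspect apps by flagging those that were not installed by Google Play, since the droppers described here arrive via third-party app stores. It assumes the text comes from running `adb shell pm list packages -i -3` against the phone; the sample output and package names are constructed for illustration.

```python
import re

PLAY_STORE = "com.android.vending"  # package name of the Google Play Store app

# One line of `pm list packages -i -3` looks like:
#   package:<package name>  installer=<installer package or null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def sideloaded_packages(pm_output, trusted_installers=(PLAY_STORE,)):
    """Return sorted (package, installer) pairs not installed by a trusted store.

    installer is None when Android recorded no installer (reported as "null"),
    which is typical for APK files installed by hand.
    """
    flagged = []
    for line in pm_output.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank lines and anything that is not a package entry
        installer = match.group("installer")
        if installer == "null":
            installer = None
        if installer not in trusted_installers:
            flagged.append((match.group("pkg"), installer))
    return sorted(flagged, key=lambda item: item[0])


# Constructed sample output; these package and installer names are made up.
SAMPLE = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.freegame  installer=com.example.thirdpartystore
package:com.example.flashlight  installer=null
package:org.example.notes  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, installer in sideloaded_packages(SAMPLE):
        print(f"review: {pkg} (installer: {installer or 'unknown'})")
```

A flagged entry only means the app did not come from Google Play; treat it as a candidate for the uninstall step, not as proof of infection.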