Agent Smith virus hides in WhatsApp, infests 1.5 crore Android phones in India: What is it, should you worry
The aptly named Agent Smith virus is taking over Android phones across the world. It has so far infected over 25 million phones, of which over 15 million (over 1.5 crore) are in India. The virus, which serves ads on the infected phones, spreads through third-party app stores like 9Apps. Once it is on a phone, it hides itself by changing its name to that of a regular-looking app like Google Updater.
The information has been revealed by Check Point, a company that makes security apps and often provides guidance on cyber security threats. "Disguised as a Google-related application, the malware exploits known Android vulnerabilities and automatically replaces installed apps with malicious versions without users' knowledge or interaction... Dubbed Agent Smith, the malware currently uses its broad access to the devices' resources to show fraudulent ads for financial gain, but could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping," noted Check Point.
The way Agent Smith works is scary and ingenious. Check Point reveals that Agent Smith mostly spreads through third-party app stores like 9Apps. Google's own Play store is regulated in a better way, something that makes it difficult -- but not impossible -- for malicious code or a virus like Agent Smith to spread on Android phones.
But third-party stores are often used by Indian Android users to download various apps, or the modified versions of apps. Agent Smith usually hides in sex-related apps, games and photography apps. Once the app has been installed on the phone, Agent Smith uses permissions given to it by users -- and users often say yes to all permissions while installing an app -- to modify its name to something that looks more "authentic" like Google Updater or Google Themes or something else with Google in it.
At the same time, Agent Smith also starts injecting its code into other popular apps like WhatsApp and Flipkart. This code is then used to serve more ads to users.
Given the way it works, detecting Agent Smith is very difficult. "The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own," said Jonathan Shimonovich, Head of Mobile Threat Detection Research at Check Point Software Technologies. "Users should only be downloading apps from trusted app stores to mitigate the risk of infection as third party app stores often lack the security measures required to block adware loaded apps."
Does your Android phone have Agent Smith or is your WhatsApp infected?
Check Point says that it has informed Google about what it found on Agent Smith and that Google has cleaned the Play store to remove the apps that were infected with it. "So far, the primary victims are based in India though other Asian countries such as Pakistan and Bangladesh have also been impacted. Check Point has worked closely with Google and at the time of publishing, no malicious apps remain on the Play Store," the company notes.
But it is possible that your Android phone may have it. If you are getting too many ads on your phone, particularly sleazy or dubious ads, scan your phone with a good anti-virus app. At the same time, always follow good security practices. These are:
-- Don't download apps from third-party app stores like 9Apps. It's not worth it, even if you are getting an APK of a paid app for free. If it's free, do understand someone somewhere is benefitting from it. Always download apps from the official Google Play store.
-- If you suspect your phone is infected with Agent Smith, delete the data of popular apps like WhatsApp and Flipkart by going into settings, then reinstall these apps. Or rather, do a factory reset.
-- Ideally, avoid sleazy apps or gaming apps from unknown sources.
-- While installing an app, carefully look at the permissions it is asking for. Ideally, a gaming app should not ask for camera permission and a photo app should not ask for network permission. Don't install an app if it seems dubious.
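To act on the first tip, you can list which store installed each app on a phone. The script below is an added example, not something from Check Point or the original article: it reads the output of `adb shell pm list packages -i -3` (user-installed apps with their installer) and flags anything that did not come from Google Play. The sample listing and the `com.example.*` package names are constructed for illustration.

```python
import re

PLAY_STORE = "com.android.vending"  # package name of the Google Play installer

# Constructed sample of `adb shell pm list packages -i -3` output.
SAMPLE = """\
package:com.whatsapp  installer=com.android.vending
package:com.flipkart.android  installer=com.android.vending
package:com.example.photofun  installer=null
package:com.example.google.updater  installer=com.example.thirdpartystore
"""

LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<src>\S+)$")


def audit(listing):
    """Return (package, installer, reason) for every app not installed by Play."""
    findings = []
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        pkg, src = m["pkg"], m["src"]
        if src == PLAY_STORE:
            continue
        if src == "null":
            reason = "no installer recorded (sideloaded APK)"
        else:
            reason = f"installed by {src}"
        # The article notes the malware poses as a Google app, so a
        # Google-like name from a non-Play source deserves a closer look.
        if "google" in pkg.lower():
            reason += "; Google-like name but not from Play"
        findings.append((pkg, src, reason))
    return findings


if __name__ == "__main__":
    for pkg, _src, reason in audit(SAMPLE):
        print(f"REVIEW {pkg}: {reason}")
```

The listing only shows where each app came from; it does not inspect what is inside an app, so the anti-virus scan advised above still applies.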