2 min

Tags in this article

, ,

Check Point security researchers have discovered a new malware called Agent Smith. The malware, disguised as a Google-related application, has infected more than 25 million devices worldwide, of which 15 million in India alone.

Agent Smith replaces automatically installed apps with malicious versions, without the user noticing anything. The malware takes advantage of known Android vulnerabilities. Thanks to close cooperation between Check Point and Google, the rogue apps would no longer be available on the Play Store.


Once the malware has gained access to a device, it displays fraudulent advertisements for financial gain. In addition, Agent Smith can easily be used for stealing bank details or espionage. According to Check Point, the malware shows similarities to malware such as Gooligan, Hummingbad and CopyCat.

The malware attacks installed applications unnoticed, making it a challenge for ordinary Android users to fight such threats independently. A combination of advanced threat prevention and threat intelligence, along with a hygiene first approach to the protection of digital assets, is the best defence against mobile malware attacks such as Agent Smith, says Jonathan Shimonovich, head of Mobile Threat Detection Research at Check Point.

Dropper app

According to Shimonovich, users should only download apps from reliable app stores. This is to reduce the risk of infection. Malicious code is usually hidden in a so-called dropper app. Third party app stores would not always take the appropriate security measures to block apps with adware.

Agent Smith was also originally downloaded from the widely used third party app store called 9Apps. The malware focuses on Hindustani, Arabic, Russian and Indonesian-speaking people. Although most of the victims are in India, Asian countries such as Pakistan and Bangladesh have also been affected. In addition, many devices have been infected in the United Kingdom, Australia and the USA.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.