Agent Smith
NJCCIC Threat Profile
Original Release Date: 2019-07-10
Agent Smith is a Android malware strain that infects devices and replaces legitimate apps with replicas that show ads to generate profits for the criminal actors. Thus far, the group has infected over 25 million devices, most of which were in India, Bangladesh, and Pakistan. Popular apps that are replaced by Agent Smith include: WhatsApp, AnyShare, Opera Mini, Flipkart, and TrueCaller. Check Point researchers determined the operators of the malware are part of a Chinese technology company. Some 11 apps infected with components of Agent Smith were found on the Google Play store but have since been taken down.
Technical Details and Reporting
- Check Point provides a technical analysis of the Agent Smith malware, here.
UPDATE 07/11/2019: Check Point researchers discovered more than 360 different dropper strains affecting over 112 apps. Analysts assess there are approximately 2.8 billion infections total, and has been observed on devices in Saudi Arabia (245k), Australia (141k), the U.K. (137k), and the U.S. (303k).
Featured Content
- Disaster Relief and Tragedy-Related Scams>
- Flaw in Cosmo DB Could Allow Access to Databases>
- Threat Actors Use Messaging Service as Phishing Lure>
- Back-to-School Cybersecurity>
- Patch Now: Active Exploitation of Microsoft Exchange ProxyShell Vulnerabilities >
- T-Mobile Breach>
- Test Your Cybersecurity Knowledge - Take Our Cyber Quiz Today>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.