Agent Smith

Agent Smith is a Android malware strain that infects devices and replaces legitimate apps with replicas that show ads to generate profits for the criminal actors. Thus far, the group has infected over 25 million devices, most of which were in India, Bangladesh, and Pakistan. Popular apps that are replaced by Agent Smith include: WhatsApp, AnyShare, Opera Mini, Flipkart, and TrueCaller. Check Point researchers determined the operators of the malware are part of a Chinese technology company. Some 11 apps infected with components of Agent Smith were found on the Google Play store but have since been taken down.

Technical Details and Reporting

  • Check Point provides a technical analysis of the Agent Smith malware, here.

UPDATE 07/11/2019: Check Point researchers discovered more than 360 different dropper strains affecting over 112 apps. Analysts assess there are approximately 2.8 billion infections total, and has been observed on devices in Saudi Arabia (245k), Australia (141k), the U.K. (137k), and the U.S. (303k).

NJCCIC