Android Smartphones – Beware of Agent Smith!

Approximately 25 million Google Android devices, the highest percentage of them in India, have been infected with a new variant of mobile malware. Once on a device, it replaces legitimate apps with malicious versions, which has led researchers to call it “Agent Smith,” after the iconic villain in “The Matrix” movies.

The malicious versions of the apps bombard victims with ads from which the cybercriminals profit.

Agent Smith Works in Three Stages

1.  Cybercriminals trick people into installing a “dropper app” from an app store or website. A dropper app is a repackaged legitimate program that contains an encrypted malicious payload. Because the payload is encrypted, it is not initially identified as malware by basic mobile security software. The dropper apps are typically weaponized games, photo utilities, media players, system utilities, and adult entertainment programs. Researchers even found 11 apps in the Google Play store (now removed) that contained dormant code related to Agent Smith.

2.  The dropper app decrypts the malicious payload into its original form — an Android installation (.apk) file — and uses known vulnerabilities to install the core malware. The core malware is usually disguised as a Google-related updater or “” file. Plus, its icon is hidden, making it even harder for users to know the malware is installed on their devices.

3.  The malware cross-checks the list of apps installed on the device against the list of apps that the hackers have weaponized. If there are any matches, it replaces the legitimate apps with the weaponized ones.

Although Agent Smith is designed to display fraudulent ads at this point, it has the potential to carry out more dangerous types of activities. Researchers noted “it could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping. Due to its ability to hide its icon from the launcher and impersonate existing user-trusted popular apps, there are endless possibilities for this sort of malware to harm a user’s device.”
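
As an added example (not from the original article or from the researchers it cites), the Python code below audits an app inventory for the traits described in stages 2 and 3: a non-system app with a hidden icon, a Google-like name on an app that Google Play did not install, and an installed APK that no longer matches a known-good build. The inventory field names, the com.example.* packages, and the hashes are constructed for illustration, and the baseline of known-good hashes is assumed to come from your own device management records.

```python
import hashlib

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def audit_inventory(apps, baseline):
    """Map package -> reasons for apps showing the traits described above.

    apps: dicts exported from a device (field names are assumptions).
    baseline: {(package, version_code): SHA-256 of the known-good APK}.
    """
    findings = {}
    for app in apps:
        reasons = []
        # Stage 2 trait: a user-installed app with no launcher icon. Some
        # legitimate apps (e.g. widgets) also match, so review, don't auto-remove.
        if not app["system"] and not app["has_launcher_icon"]:
            reasons.append("hidden icon")
            if app["installer"] != PLAY_STORE and "google" in app["label"].lower():
                reasons.append("Google-like name, not installed by Google Play")
        # Stage 3 trait: same package and version, different APK contents.
        expected = baseline.get((app["package"], app["version_code"]))
        if expected is not None and app["apk_sha256"] != expected:
            reasons.append("APK differs from known-good build")
        if reasons:
            findings[app["package"]] = reasons
    return findings

# Constructed sample data: hypothetical packages, hashes of placeholder bytes.
BASELINE = {("com.example.chat", 42): sha256_hex(b"known-good chat v42")}
SAMPLE_APPS = [
    {"package": "com.example.chat", "label": "Example Chat", "version_code": 42,
     "installer": PLAY_STORE, "system": False, "has_launcher_icon": True,
     "apk_sha256": sha256_hex(b"modified chat v42")},
    {"package": "com.example.updater", "label": "Google Updater", "version_code": 1,
     "installer": None, "system": False, "has_launcher_icon": False,
     "apk_sha256": sha256_hex(b"unknown apk")},
    {"package": "com.example.notes", "label": "Notes", "version_code": 7,
     "installer": PLAY_STORE, "system": False, "has_launcher_icon": True,
     "apk_sha256": sha256_hex(b"notes v7")},
]

if __name__ == "__main__":
    for package, reasons in audit_inventory(SAMPLE_APPS, BASELINE).items():
        print(package, "->", "; ".join(reasons))
```

Apps with no baseline entry, such as the constructed Notes app, are not reported by the integrity check, so the baseline needs to cover the apps you care about.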

Precautions to Protect Your Android Device

1.  Do not install apps from untrusted sources. Although malicious apps are sometimes found in the Google Play store, it is still safer to download apps from Google Play than from third-party app stores and websites.

2.  Install operating system, app, and firmware updates as soon as they are available. This will help protect your device from malware that exploits known security vulnerabilities. With the vulnerabilities patched, cybercriminals might not be able to install their malware on your device.

3.  Use an advanced mobile security solution. Security software that uses advanced threat detection and prevention technologies will better protect your device against sophisticated malware like Agent Smith. We at CopperTree Solutions can help you pick the best mobile security solution for your device.

Want to find out additional ways to protect your business? We can help get you started with IT planning items to consider and how IT Services can assist.

CopperTree Solutions serves clients both large and small, in Kitchener, Waterloo, Cambridge, Guelph, Stratford, and around South Western Ontario.
