The “Agent Smith” Android Malware: Facts

The Agent Smith Android Malware

Researchers from the security firm Check Point Software Technologies discovered in July 2019 a new type of malware affecting Android devices. Dubbed as Agent Smith, it works by replacing a portion of selected Android apps with its own code.

The malware does not steal data from Android users or cause their devices to malfunction beyond use. Instead, it hacks targeted apps by installing its own codes to force them to either to display more ads or take credit for the ads already displayed, thus allowing malware operators to earn from ad views.

According to the security firm, Agent Smith specifically targets known apps such as WhatsApp, Opera Mini, and Flipkart, among others, then replace portions of their codes. The codes also prevent these apps from updating. The researchers noted that over 25 million Android devices were infected as of the date of their findings.

Further research revealed that the Android malware is currently prevalent in India and has some presence in nearby countries such as Pakistan and Bangladesh. Operators seem to be targeting countries in South Asia and the Middle East, as well as Russia and Indonesia. The firm said that there is some presence in the United Kingdom, Australia, and the United States.

Take note that the malware spreads through third-party app stores; most notably the 9Apps application popular in the Middle East and South Asia. It is hidden inside certain apps such as barely functioning photo utility, games, or sex-related apps.

After downloading and installing the carrier app, Agent Smith would launch as a disguised Google-related app, such as a “Google Updater.” The launch would begin the process of targeting specific apps already installed on the device and begin the process of replacing their codes.

Check Point reminded that while the malware functions to allow its operators to earn ad revenues, its design could be used easily for more intrusive and harmful purposes such as banking credential theft and eavesdropping. The researchers noted that it appears that a Chinese company is behind the app.

Preventing infection includes using only trusted app stores, particularly Google Play. For infected devices, the best way to remove the malware is to uninstall infected apps or restore the device to factory setting to delete all app data and caches.


  • Check Point Software Technologies. 2019, July 10. “25 Million Infected Devices: Check Point Research Discovers New Variant of Mobile Malware.” Check Point. Available online
Posted in Articles, Science and Technology and tagged , , , .