
Android devices are at risk due to hidden malware in third-party app stores.


July 15, 2019

A wave of malware named “Agent Smith” is jeopardising Android devices. So far, 25 million phones have been infected; the malware swaps legitimate applications for malicious clones that display unauthorised ads. Investigations link the operation to a firm based in China and note a high prevalence of the threat in India, Pakistan, and several other Asian countries.

How Does “Agent Smith” Operate?

Research shows that the malware preys on phones left unpatched against a number of old vulnerabilities, notably the Janus flaw from 2017. The dropper programs are disguised as harmless apps, such as image editors, porn-related content, or games, and are distributed through third-party app stores. Once on a device, a dropper releases the malicious “Agent Smith” payload.

The infection sequence proceeds as follows:

  1. Deception: The core malware hides under benign names like “Google Updater” or “Google Update for U” and stays inconspicuous by hiding its icon.
  2. Infiltration: The malware scans the device’s installed apps, then downloads malicious updates to “patch” any apps it recognises, exploiting the Janus vulnerability to infect them.
  3. Substitution: Check Point’s assessment indicates that up to 112 genuine apps can be replaced on a victim’s phone with versions that show illicit ads.

Remarkably, these rogue applications also have the capability to intercept legitimate ad displays from compromised apps and deceive the original ad-exchange.
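The following triage check is an added example, not code from Check Point or from this article. Janus-style tampering relies on a file that begins with a DEX header yet still parses as a ZIP archive, which the older JAR-based (v1) signature check does not catch. The function names and the constructed sample APK are assumptions made for illustration.

```python
import io
import struct
import zipfile

DEX_MAGIC = b"dex\n"                  # first bytes of a Dalvik executable
V2_BLOCK_MAGIC = b"APK Sig Block 42"  # trailer of the APK Signing Block (v2+)
EOCD_SIG = b"PK\x05\x06"              # ZIP end-of-central-directory record


def has_v2_signing_block(data: bytes) -> bool:
    """True if an APK Signing Block ends right before the central directory."""
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(data):
        return False
    cd_size = struct.unpack_from("<I", data, eocd + 12)[0]
    # Locate the directory from its size so prepended bytes do not shift us.
    cd_start = eocd - cd_size
    return cd_start >= 16 and data[cd_start - 16:cd_start] == V2_BLOCK_MAGIC


def classify_apk(data: bytes) -> str:
    """Return 'not-apk', 'janus-suspect', 'v1-only' or 'v2-signed'."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return "not-apk"
    if "AndroidManifest.xml" not in names:
        return "not-apk"
    # A valid APK never starts with a DEX header; one that does is tampered.
    if data.startswith(DEX_MAGIC):
        return "janus-suspect"
    # v2 signatures cover the whole file; v1-only packages deserve a review.
    return "v2-signed" if has_v2_signing_block(data) else "v1-only"


def constructed_apk() -> bytes:
    """Constructed sample: a minimal unsigned APK-shaped ZIP, built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(classify_apk(constructed_apk()))
```

APK Signature Scheme v2 arrived with Android 7.0, so a `v1-only` result matters most for packages destined for the Android 5.0 and 6.0 devices the article identifies as the main victims.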


Origins and Primary Targets

A third-party app store, 9Apps, is the primary distributor of the “Agent Smith” dropper; its users are predominantly Hindi, Arabic, and Indonesian speakers. Through extensive research and analysis of the command-and-control servers, the culprits have been traced back to a Chinese entity located in Guangzhou.

The malware largely affects phones running Android 5.0 and 6.0, while Google’s most recent Android OS version remains comparatively safe.

A Collective Defense Mechanism is Paramount

This surge of “Agent Smith” underlines the importance of holistic security measures. It’s not just the system developers that need to be vigilant; device manufacturers, app developers, and users must unite to ensure vulnerabilities are swiftly identified and patched.

If you’re concerned about your device’s security, or just seeking expert guidance, don’t hesitate.

Reach out to our expert team at 📞 1300 024 748 or drop a line through our contact form. Your uninterrupted operations are just a call away.
