One of the most annoying things about malware is its tendency to replicate and spread. This allows it to jump ship from device to device — sometimes even reaching the status of a full-blown epidemic. And just like a real disease, once malware is inside enough systems, it becomes even harder to stop.
Even worse than rapidly spreading malware, however, is malware that moves silently. A recent security threat has been compromising millions of Android devices across India without users even knowing it’s hit them. Behind the scenes, it quietly copies itself and replaces trusted apps with compromised versions. What’s more, the threat has moved across the ocean — and has already started infecting phones right here in the U.S.!
With so many devices falling victim to this malware, security researchers around the world are encouraging internet users to stay safe and avoid online spaces where the virus is known to be lurking. We’ll break down what this malware does, and what you need to know to steer clear of its shadowy grip.
What is AgentSmith malware?
Named after Hugo Weaving’s iconic digital villain from The Matrix series, AgentSmith malware has a talent that perfectly matches its namesake — the ability to copy itself and replace existing programs.
When an Android phone is infected with AgentSmith, the malware covertly runs in the background without the user’s knowledge. Behind the scenes, it replaces the user’s collection of apps with altered copies that contain various pieces of malicious code.
Some of these doppelganger apps will display advertisements that wouldn’t normally be present — ads that generate profit and income for the hackers behind AgentSmith. On top of this, many of the altered apps contain code that prevents the phone from updating and removing them in favor of their true counterparts.
As of this writing, security analysts have found that at least 25 million devices across India have been infected with AgentSmith. This is where the malware appears to have originated, but it’s no longer confined to India.
After investigating further, researchers found that 300,000 devices have been infected in the U.S. alone, with even more instances cropping up in countries like the U.K. and Australia.
The virus appears to have begun its journey through the app repository 9Apps, which acts as an unauthorized third-party app store for Android. The site is exceedingly popular and doesn’t screen apps with the same scrutiny as the Google Play Store (which is a terrifying prospect on its own).
How can I stop AgentSmith?
You don’t need to be Neo to keep AgentSmith away. Right now, the threat seems to be mostly contained to 9Apps’ offerings, although the hackers did attempt to upload infected software to the Google Play Store at least 11 times recently. The problematic apps were caught and removed by Google, however.
To this point, the best way to protect yourself is to avoid downloading software from unfamiliar locations that could be compromised by hackers. Even though the Google Play Store has had issues with faulty software in the past, it’s still the safest place to get apps for your Android gadgets.
Plus, it’s supported by Google itself, which means issues with specific apps can be reported and acted upon in the event of a malware infection.
If you’re unsure whether your device has been affected by AgentSmith, the best thing you can do is look at the ads that appear in the apps you’re running. If you see an unusual number of spammy or pornographic ads in apps that wouldn’t otherwise have them, you might just have AgentSmith lurking on your device.
The best solution for this scenario is a complete restoration of your Android phone’s software and an update to the latest version of Android itself.
The Matrix may “have you,” but AgentSmith probably won’t as long as you stick to the well-lit corners of the internet. Just make sure to keep an eye out for any suspicious ads on your device. You never know what might be hiding beneath the surface.