Guest Post – Have an Android Smartphone? Beware of Agent Smith

Another guest post by Tony Chiappetta of CHIPS

Agent Smith is frightening Google Android users around the world. This malware has replaced legitimate apps with malicious versions on 25 million Android devices. Here is what you need to know.

Around 25 million Google Android devices have been infected with a new variant of mobile malware. Once on a device, it replaces legitimate apps with malicious versions, which has led researchers to refer to this malware as “Agent Smith” — the iconic villain in “The Matrix” movie trilogy who transforms from a system agent (i.e., an AI program) to a self-replicating virus that spreads itself at an alarming rate.

The malicious versions of the apps bombard victims with ads from which the cybercriminals profit. While most of the victims are located in India (15.2 million), there are nearly a half a million victims in the United States and the United Kingdom.

How the Malware Works

Agent Smith is sophisticated malware that works in three stages:

  1. Cybercriminals trick people into installing a “dropper app” from an app store or website. A dropper app is a repacked legitimate program that contains an encrypted malicious payload. Because the payload is encrypted, it is not initially identified as malware by basic mobile security software. The dropper apps are typically weaponized games, photo utilities, media players, system utilities, and adult entertainment programs. Researchers even found 11 apps in the Google Play store that contained dormant code related to Agent Smith. (Google has removed these programs.)
  2. The dropper app decrypts the malicious payload into its original form — an Android installation (.apk) file — and uses known vulnerabilities to install the core malware. The core malware is usually disguised as a Google-related updater or “” file. Plus, its icon is hidden, making it even harder for users to know the malware is installed on their devices.
  3. The malware cross-checks the list of apps installed on the device to the list of apps that the hackers have weaponized. If there are any matches, it replaces the legitimate apps with the weaponized ones.

Although Agent Smith is designed to display fraudulent ads at this point, it has the potential to carry out more dangerous types of activities. The researchers noted that “it could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping. Indeed, due to its ability to hide its icon from the launcher and impersonate existing user-trusted popular apps, there are endless possibilities for this sort of malware to harm a user’s device.

How to Protect Your Android Device

To protect your Android device from Agent Smith and other mobile malware, you can take several precautions. For starters, you should not install apps from untrusted sources. Although malicious apps are sometimes found in the Google Play store, it is still safer to download apps from Google Play than third-party app stores and websites.

Another important measure to take is to install operating system, app, and firmware updates as soon as they are available. This will help protect your device from malware that exploits known security vulnerabilities. With the vulnerabilities patched, cybercriminals might not be able to install their malware on your device.

Finally, you should use an advanced mobile security solution. Security software that uses advanced threat detection and prevention technologies will better protect your device against sophisticated malware like Agent Smith. We can help you pick the best mobile security solution for your device.

Malware Infection flickr photo by Visual Content shared under a Creative Commons (BY) license

Today’s guest post is by a friend and professional peer of mine, Tony Chiappetta, owner of CHIPS.

CHIPS is a Technology Success Provider located in Shoreview, MN near the intersection of Highway 96 and Lexington.  Since 2001, CHIPS has been working with businesses to help them get the most from their technology investment.

Tony has been around technology all his life and holds numerous industry certifications.  With the completion of both a Law Enforcement and a Business Management Degree, Tony brings a business perspective to the technology landscape.  This has allowed CHIPS to lead the industry by bringing enterprise solutions down to the Small Business sector.

CHIPS has received many industry awards and accredations however, Tony is most proud that his team has been asked to help secure the Critical Infrastructure of the Twin Cities by bringing to market a proven technology that was previously only available to Federal Government Agencies.

You can follow CHIPS via Social Media and stay connected with their blog.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.