MALWARE: ‘Agent Smith’ infects millions of Aussie phones

Thousands of Australian Android users may have downloaded the 'Agent Smith' of the mobile world, and the result isn't pretty.

The malicious clone apps, named after Hugo Weaving's character from The Matrix, have infected up to 25 million Android devices globally and are spreading at an alarming rate, cybersecurity firm Check Point has warned.

Check Point's researchers say the malware so far has been used to display dodgy advertisements for financial gain on users' devices, but they've warned it's capable of much, much worse.

Users are completely unaware of Agent Smith taking over their smartphones and tablets.

It infects devices when the user installs an app that contains the malicious code, typically games installed from third-party sites.

From there, Agent Smith scours the device for other apps it can 'feed on', replacing them with a cloned, weaponised version without the user's permission.

Some apps Agent Smith is capable of replicating include WhatsApp, web browser Opera and SwiftKey. It's estimated infected devices contain on average 112 cloned apps.

The dodgy apps work fine and are difficult to detect, as the malware is hidden from the device user.

"Armed with all the permissions users had granted to the real apps, Agent Smith was able to hijack other apps on the phone to display unwanted ads to users. That might not seem like a significant problem, but the same security flaws could be used to hijack banking, shopping and other sensitive apps," Check Point's Aviran Hazum said.

"Hypothetically, nothing is stopping them from targeting bank apps, changing the functionality to send your bank credentials to a third party. The user wouldn't be able to see any difference, but the attacker could connect to your bank account remotely."

Agent Smith was detected earlier this year after a wave of malware attacks hit India. So far it has hit mostly Asian countries, including Pakistan and Bangladesh, as it's been easier to spread through third-party stores there.

However, Check Point says a noticeable number of devices in Australia, the US and UK have also been infected.

Ashwin Pal, Director of Cyber Security at Unisys, said it was difficult to pinpoint an exact number of affected devices in Australia, but it was likely to be a lot lower than India, Bangladesh and Pakistan as users there are more likely to use third-party apps.

"Every app on a person's device is at risk. And this is where the problem lies. There is nothing stopping the malware developers from using this to start to capture confidential data such as internet banking passwords, etc," he said.

While third-party app stores were the biggest concern, 11 apps on Google Play were found to have been spreading Agent Smith.

These apps have since been removed, but they were downloaded over ten million times globally, infecting hundreds of thousands of UK and US devices.

Mr Pal said users should not download apps from third-party stores.

"Always use legitimate app stores such as iTunes or Google Play Store. Do not download unnecessary apps particularly ones that have been sent to you via links or advertisements (and) always update your device and apps whenever updates are available," he advised.

"Do not click on any adverts that are served up to avoid malware infections."

Dustin Childs, from cybersecurity company Trend Micro, said it was crucial that Android users regularly update their devices to the latest version, as well as use a trustworthy ad-blocker.

"We've seen malicious ads that can install apps when you browse to a web page from your Android device. They could be installing ransomware, they could be copying your contacts. Ad blockers aren't just to block ads," he said.

Mr Hazum stressed that it was important users didn't ignore prompts to update their devices to the latest software.

"People see they have an update and know it will take their phone 30 minutes to download it, apply it, and restart the device. A lot of people ignore it," he said.

More recent versions of Android have patched the vulnerability Agent Smith exploits, but not all manufacturers prompt users to update regularly.

Apple users aren't immune to malware either. While their system is more tightly controlled than Android, hackers have still been able to worm their way into devices using iOS.

Users who continue to use outdated devices are at the most risk.

The Android warning comes a week after it was revealed a million Microsoft Windows users were vulnerable to a highly spreadable ransomware attack dubbed BlueKeep.

Microsoft said any operating system earlier than Windows 8 is at risk, with internet security company AVG warning users to check if their operating system is 'dangerously out of date'.

Is Agent Smith on your phone? Read below how to protect your devices from it. Picture: iStock



If you think you may have downloaded an app containing Agent Smith, here's what to do:

For Android:

Go to Settings Menu

Click on Apps or Application Manager

Scroll to the suspected app and uninstall it.

If it can't be found then remove all recently installed apps.

For iPhone:

Go to Settings Menu

Scroll to 'Safari'

On the list of options, ensure that 'block pop-ups' is selected.

Then go to 'Advanced' and 'Website Data'.

For any unrecognised sites listed, delete the site.

Read more about Agent Smith at Check Point.