The Android malware Agent Smith is estimated to have infected 25 million Android devices worldwide. The malware exploits a vulnerability in the Android operating system. Once installed, Agent Smith disguises itself as an official Google-related application and hides its app icon from the launcher. The malware then quietly replaces legitimate apps with malicious versions without any user interaction.

The malware has been described as more of a nuisance than a threat since it is primarily being used for financial gain by launching malicious advertisements via these bad replacement apps. According to researchers, there is no evidence of the malware stealing user data yet, but with the level of access the malware has, the implications could be far worse.

The malware was spread most widely through a third-party app store called 9Apps, which is popular in Asia. The malware operator also appears to have been attempting to expand their reach: 11 apps containing dormant versions of Agent Smith were discovered in the Google Play store. These apps have now been removed by Google.

How does Wandera protect your employee devices from this attack?

Wandera customers are protected from this malware. MI:RIAM, Wandera’s advanced threat intelligence engine, detects the installation of the dropper apps and blocks the command and control traffic related to Agent Smith.

This latest discovery demonstrates the importance of having a modern mobile security strategy and mobile security solution for staying ahead of new attacks. Wandera’s Mobile Threat Defense protects users from this attack in a number of ways:

  • Blocks access to third-party app stores such as 9Apps
  • Detects installations of the dropper apps that install Agent Smith malware
  • Detects installations of apps belonging to the Agent Smith family
  • Blocks unusual data connections to Command and Control servers
  • Identifies apps that aren’t updated to the latest versions via Wandera App Insights
  • Identifies out-of-date operating systems that don’t have the latest security patches
  • Ensures devices compromised with Agent Smith do not put company data at risk by configuring conditional access policies

We advise end users to take the following steps to protect their devices:

  1. Update your operating system immediately
  2. Go to your Apps/Applications Manager in your device settings and uninstall suspicious, unknown, and recently installed apps
