A devious malware called ‘Agent Smith’ secretly infected over 55,000 devices in Malaysia, one of the worst-hit in SEA

[Image: The malware, dubbed “Agent Smith”, infiltrates devices by disguising itself as a Google-related app and exploiting known Android vulnerabilities. Credit: Pixabay]

A dangerous new mobile malware named after The Matrix’s main villain has infiltrated more than 25 million Android devices around the world – and Malaysia was among the worst-hit in Southeast Asia, a report has revealed.

On Thursday (July 11), cybersecurity software company Check Point Software Technologies’ research arm (Check Point Research) said in a news release that the malware – dubbed “Agent Smith” – automatically replaces installed apps with “malicious” versions without the user’s knowledge.

The dubious software stealthily does this by disguising itself as a Google-related app and exploiting known Android operating system vulnerabilities.

[Image: Google Play Store apps which were reportedly found to be affected by Agent Smith malware. Credit: Check Point Research]

Malaysia has third highest number of infections in SEA

Nearly one million devices in Southeast Asia fell victim to the trickery and were “quietly” infected, according to Check Point Research. In Malaysia, 55,647 devices were reported to have been attacked by Agent Smith, making it the third highest in the region.

Indonesia, which was the most affected country in the region, had 572,025 devices affected by the malware – 10 times Malaysia’s figure. India, however, had more than 15 million infected devices and over 2 billion infection events – the highest in the world.

[Image: The top 10 countries with the highest number of Agent Smith infections. Credit: Check Point Research]

Other Southeast Asian countries that were affected include the Philippines (226,701), Malaysia (55,647), Thailand (52,848), Vietnam (32,916) and Singapore (6,257).

What does Agent Smith do?

Check Point Research noted that Agent Smith currently uses “broad access” to the devices’ resources to display fraudulent advertisements for financial gain. However, the team said the software “could easily be used for far more intrusive and harmful purposes”, such as stealing banking credentials and eavesdropping.

[Image: Agent Smith’s flow of attack as portrayed by Check Point Research. Credit: Check Point Research]

It added that the activity resembles previous malware campaigns like Gooligan, Hummingbad and CopyCat.

Check Point Software Technologies’ head of mobile threat detection research, Jonathan Shimonovich, said: “The malware attacks user-installed applications silently, making it challenging for common Android users to combat such threats on their own.”

He added that the best protection against invasive mobile malware attacks from the likes of Agent Smith would be to combine advanced threat prevention and threat intelligence while adopting a “hygiene first” approach to safeguard digital assets.

Users are also advised to only perform downloads on trusted app stores to lower their exposure to infection as third party stores would typically lack the necessary security measures to block adware-loaded apps, Shimonovich said.

Indiscriminate infections

According to Check Point Research’s online blog, Agent Smith started proliferating through widely-used third party app store “9Apps”, and targeted mainly Hindi, Arabic, Russian and Indonesian speaking users.

Although primary victims were observed to be mostly based in India (59 per cent), the research team said that unlike previously seen malware campaigns that did not involve Google Play and affected mostly developing countries, Agent Smith had a “significant impact” on developed nations as well, where Google Play is “readily available”.

These include the US which saw approximately 303,000 infections, Saudi Arabia (245,000), Australia (141,000) and the UK (137,000).

[Image: A world infection heat map showing the hotspots of Agent Smith attacks. The highest number of infections was observed in India. Credit: Check Point Research]

Check Point added that it has submitted data to Google and law enforcement units to facilitate further investigation. At the time of publishing the report, no malicious apps were found to remain on the Google Play Store, it said.
