THINK OF Agent Smith and you'll conjure up an image of Hugo Weaving's antagonist character in the Matrix series, not Android malware that has infected more than 25 million devices.
But that's the name given to said malware, discovered by security firm Check Point, which has penetrated major apps such as WhatsApp.
Agent Smith exploits known Android vulnerabilities to sneakily retool legitimate versions of apps into malicious ones, hence the Agent Smith name, taken from how said agent converts others in the Matrix world into a version of himself.
These apps are similar to the ones they replace, only with portions of their code changed to prevent them from being updated. From there, Agent Smith forces the apps to display more adverts or steal credit for the ads already served.
"The core malware extracts the device's installed app list. If it finds apps on its prey list (hard-coded or sent from C&C server), it will extract the base APK of the target innocent app on the device, patch the APK with malicious ads modules, install the APK back and replace the original one as if it is an update," Check Point's researchers explained.
"In this case, 'Agent Smith' is being used for financial gain through the use of malicious advertisements. However, it could easily be used for far more intrusive and harmful purposes such as banking credential theft. Indeed, due to its ability to hide its icon from the launcher and impersonate any popular existing apps on a device, there are endless possibilities for this sort of malware to harm a user's device."
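The repackaging step Check Point describes (extract the base APK, patch in ad modules, reinstall it as an update) leaves a device copy that no longer matches the publisher's build of the same version. As an added example, not code from Check Point or the original article, here is one way a defender could diff a device-pulled APK against a trusted reference copy; the in-memory APKs and entry names are constructed for illustration.

```python
import hashlib
import io
import zipfile


def entry_digests(apk_bytes):
    """Map each entry name in an APK (a ZIP archive) to the SHA-256 of its content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def diff_apk(reference, installed):
    """Compare a device-pulled APK with a trusted copy of the same version."""
    ref, dev = entry_digests(reference), entry_digests(installed)
    return {
        "added": sorted(set(dev) - set(ref)),
        "removed": sorted(set(ref) - set(dev)),
        "modified": sorted(n for n in ref.keys() & dev.keys() if ref[n] != dev[n]),
    }


def is_repackaged(report):
    """Any difference for the same version means this is not the publisher's build."""
    return any(report.values())


def build_apk(entries):
    """Constructed sample input: a tiny in-memory ZIP standing in for an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples; names and contents are illustrative, not taken from real malware.
REFERENCE = build_apk({"AndroidManifest.xml": b"<manifest v1/>",
                       "classes.dex": b"original code"})
PATCHED = build_apk({"AndroidManifest.xml": b"<manifest v1/>",
                     "classes.dex": b"original code + hook",
                     "classes2.dex": b"ads module"})

if __name__ == "__main__":
    report = diff_apk(REFERENCE, PATCHED)
    print(report, "repackaged:", is_repackaged(report))
```

Only entry contents are hashed, so differing ZIP timestamps between the two copies do not produce false positives.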
This is rather worrying stuff, but the researchers did point out that a victim needs to be lured into installing the malware voluntarily through the use of a dodgy dropper app; think apps like photo utilities or sex-related software. So people who are a little more cybersecurity-savvy might be able to smell a cyber rat and avoid falling victim to Agent Smith.
The infections also seem to be targeting Android devices used by Indian, Indonesian and Arabic users, but Check Point's cyber boffins did note some 300,000 devices in the US were affected, so the malware doesn't appear constrained by borders.
As for the source of the malware, Check Point reckons it was made by a Chinese company that specialises in helping developers publish their apps overseas; seems like the company has another sideline to make money.
Check Point also noted that it'll take more than a bit of patching to protect from such attacks: "The 'Agent Smith' campaign serves as a sharp reminder that effort from system developers alone is not enough to build a secure Android eco-system. It requires attention and action from system developers, device manufacturers, app developers, and users, so that vulnerability fixes are patched, distributed, adopted and installed in time."
And when it comes to protecting your device, it's recommended that you make use of a decent bit of security software and proceed with caution when it comes to downloading apps, even from legitimate sources. µ