Sending panic across the globe, WhatsApp has been infected by Agent Smith virus affecting more than 25 million Android phones out of which nearly 15 million (approx. 1.5 crore) are in India.
The Agent Smith virus which pops ads on the infected phones and infects via third-party app stores such as 9Apps, reports have emerged. Once the virus is on a phone, it conceals itself by changing its own name to a nondescript app such as Google Updater.
Check Point Research, a company which makes security apps and is known for providing guidance on cybersecurity threats has revealed the virus in a press note. As per Check Point, the virus exploits Android 's 'known vulnerabilities' disguised as a Google-related application and changes installed apps with malicious their versions without the users’ knowledge. The malware Agent Smith uses its access to the devices’ resources in order to show fraudulent ads for financial gain. Check Point, however, also cautions that the virus can easily facilitate banking credential theft and even eavesdropping.
Check Point has disclosed that Agent Smith usually spreads via third-party app stores such as 9Apps. What is scarier is the fact that while the Google Play store is well regulated, it is not impossible for a virus or malicious code such as Agent Smith to infect Android phones.
As per the research firm, Agent Smith originated on third-party app store 9Apps and primarily targeted Hindi, Indonesian, Arabic and Russian speakers. Most of the virus' victims are in India and neighbouring countries such as Bangladesh and Pakistan. Check Point Research has also found infected devices in countries such as the UK, Australia and the USA.
How does Agent Smith work?
Usually, the Agent Smith malware conceals itself in sex-related apps, photography apps and games. As soon as the app is installed on the phone, Agent Smith makes full use of permissions users of the phone has freely given. It is well established that users often accept all permissions while installing an app without even checking. Using those permissions, app modifies its name similar to Google Updater or Google Themes or something else with Google in it to make itself seem "authentic".
While it is doing that Agent Smith also begins injecting its code into other popular apps such as WhatsApp and Flipkart. This code enables more ads to users.
Seeing how stealthily it works, detecting Agent Smith becomes very difficult.
How to know if your Android phone has Agent Smith or WhatsApp is infected?
Check Point has said that it has told Google about its research on Agency Smith. Google has subsequently cleaned the Play store to delete the apps that had been infected.
While Check Point notes that no malicious apps remain on the Google Play Store, it is quite possible that your Android phone may still host the malware.
If you are seeing too many ads on your phone, especially sleazy or dubious in nature, first and foremost, scan your phone with an authentic anti-virus app. If you still suspect your phone is a host to Agent Smith virus, delete all the data of popular apps such as WhatsApp and Flipkart and then reinstall these apps. Doing a factory reset is also recommended.
Avoid downloading apps from third-party app stores such as 9Apps. Always download apps from the official Google Play store which is better regulated. One should also avoid sleazy apps or gaming apps from unknown sources. Make sure to look at all the permissions while installing an app. Check for suspicious behaviour.