Agent Smith has left The Matrix and taken the form of a computer virus that has infected over 25 million smartphones around the globe.
All you movie buffs and Matrix fans will surely remember Agent Smith. He was the rogue computer virus that went on to become ‘The Many’ in opposition to Neo, who was ‘The One’. However, in very recent times, Agent Smith has literally come to life, but there is no Neo to stop him this time around. A computer virus aptly given the name ‘Agent Smith’ has already affected about 25 million smartphones around the world.
Agent Smith’s functionality is like any other sophisticated computer virus, but to understand how Agent Smith works, we must first understand what a computer virus is and how it operates.
What is a Computer Virus?
A computer virus is much like a flu virus that we study in biology. Essentially, it is a program designed to spread from host to host and has the ability to replicate itself. In the same way that flu viruses cannot reproduce without a host cell, computer viruses cannot reproduce and spread without a file or document.
Each computer virus goes through multiple phases until it reaches its most active state. The life cycle of every virus can be divided into four distinct phases:
- Dormant Phase: This is the stage of the virus where it lies idle. The virus has infected the target device by this stage and is waiting for the trigger to activate it.
- Propagation Phase: This is the stage where the virus starts multiplying and replicating itself. The copies of the virus aren’t exactly the same as the original one; this ‘morphing’ is done to prevent detection.
- Triggering Phase: In this stage, the virus becomes activated by the trigger. The trigger can be multiple things, ranging from the number of times the virus has propagated to a selected date and time.
- Execution Phase: This stage is where the actual ‘payload’ of the virus is released. The virus can be made to delete, alter or update files, or it could be made to perform a harmless prank.
What is ‘Agent Smith’?
In early 2019, a research team from Check Point Software Technologies Ltd. observed a steep rise in the number of malware attacks on mobile devices in Southeast Asia. These malware attacks were abusing the Janus vulnerability, a loophole in the Android system that has been exploited by many hackers.
At first, the virus was believed to be the infamous CopyCat virus of 2016, which affected 14 million mobile devices, but it was later found that this new threat had its own functionality and was a different piece of malware altogether. After studying it and observing its functioning, researchers christened it ‘Agent Smith’.
Like the phases in the life cycle of a virus, as mentioned above, the Agent Smith virus had three distinct phases.
- A dropper app lures its victims to install itself voluntarily. This dropper app is usually in the form of a free game, a photo-editing app or adult entertainment applications. These apps contain the virus within them, which can then load onto the mobile device.
- Once installed, the dropper app will deliver the ‘payload’, a malicious program in the form of an APK. This APK file disguises itself as an official Google program in order to mislead victims.
- The malicious APK file then searches for and infects other famous apps, such as WhatsApp, MXPlayer, ShareIt, etc. It then proceeds to infect most of the other apps installed on the device.
Is Agent Smith on Your Phone?
Agent Smith is usually accompanied by an app that is used as a decoy and harbors the real virus. These apps are typically found on third-party app stores like 9Apps. Once the app is downloaded on your phone, the malware will be decrypted in the form of an APK. This malware bypasses Android’s APK Integrity Check by exploiting the Janus vulnerability. The Janus vulnerability is a loophole found in Android devices that has yet to be patched by Google. So, if you have downloaded any apps from third-party app stores, there’s a definite chance that you are infected by Agent Smith.
The best possible way to identify whether your mobile device has been infected by Agent Smith is to check for the symptoms. Agent Smith is known to have ad payloads. Basically, the current function of Agent Smith is to promote advertisements when the user is using infected apps. So, if you’re noticing a large amount of ads on apps that shouldn’t naturally show ads, you may have been infected by Agent Smith.
Agent Smith has currently affected about 25 million devices. Though most of these devices are from Southeast Asia and the Middle East, Agent Smith has begun to affect devices across the US and Europe at an alarming rate.
While the role of the current Agent Smith virus iteration is only to earn revenue by displaying ads, a future version of the virus could be more dangerous and intrusive. The virus could obtain sensitive information stored on your device, steal bank and credit card details, or gain access to your apps.
Experts have studied the virus and suggested a specific list of countermeasures to rid oneself of Agent Smith. A few of them are:
- Uninstall apps downloaded from non-official app stores
- Do not download apps from untrusted sources like app stores and websites
- Disable the installation of apps from “Untrusted Sources” in Android Settings
- Verify app permissions and grant only those permissions relevant to the app
- Download and patch official Android updates
- Regularly maintain and update Android apps from the Play Store
- Install an Anti-Virus application
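To act on the first countermeasure, you need to know which apps did not come from the official store. The following is an added example, not part of the original article: it parses the output of `adb shell pm list packages -3 -i` (user-installed packages with their installer) and lists those not installed by the Play Store. The sample output and the `com.example.*` names are constructed for illustration, and treating only `com.android.vending` as trusted is an assumption you should adjust for your device.

```python
import re

# Assumption: only the Google Play Store counts as an official installer.
TRUSTED_INSTALLERS = {"com.android.vending"}

# One line of `pm list packages -3 -i`, e.g.
#   package:com.whatsapp  installer=com.android.vending
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")

# Constructed sample output (not captured from a real device).
SAMPLE_PM_OUTPUT = """\
package:com.whatsapp  installer=com.android.vending
package:com.example.freegame  installer=null
package:com.example.photoeditor  installer=com.example.thirdpartystore
package:com.example.videoplayer  installer=com.android.vending
this line is noise and is ignored
"""


def audit_installers(pm_output, trusted=TRUSTED_INSTALLERS):
    """Return sorted (package, installer) pairs whose installer is not trusted.

    An installer of None means the package was sideloaded (no store recorded).
    """
    flagged = []
    for raw in pm_output.splitlines():
        match = LINE_RE.match(raw.strip())
        if match is None:
            continue  # skip blank lines, warnings and other noise
        installer = match["installer"]
        if installer == "null":
            installer = None
        if installer not in trusted:
            flagged.append((match["pkg"], installer))
    return sorted(flagged, key=lambda item: item[0])


if __name__ == "__main__":
    for pkg, installer in audit_installers(SAMPLE_PM_OUTPUT):
        source = installer or "sideloaded (no installer recorded)"
        print(f"review or uninstall: {pkg}  <- {source}")
```

The result is a list of candidates for review, not a list of confirmed infections: it shows where each app came from, not whether it was later modified.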
Although the creators of Agent Smith have decided to only use the virus for revenue-gaining purposes, it can also be used for other intrusive actions. Researchers believe that there will be a larger Agent Smith campaign in the near future. They have found out that a dormant version of Agent Smith has already penetrated the Google Play Store. 11 apps have been found with this dormant version of the virus.
Experts believe that the creators of Agent Smith are playing a waiting game. As the virus increases its penetration rate in the Google Play Store, the attackers are waiting for the right time to launch a major cyber attack. With all that in mind, it is wise to remain cautious about what you download and from where. Remember, prevention is always better than a cure!