“Agent Smith” Malware Spreading Again and Attempts Move to Google Play Store

Agent Smith: The Agent Smith malware has been around since 2016 and has made a resurgence with a new campaign that has infected an estimated 25 million devices. The malware operates by exploiting vulnerabilities, primarily in devices running Android versions 5 through 6. Once installed on a device, the malware begins to replace legitimate applications with malicious versions. The current campaign has primarily affected users throughout India, Bangladesh, Pakistan, and other Asian nations. Agent Smith has traditionally resided in applications made available on third-party app stores. 9Apps has been the main source of the malware for years, with the malware hiding mostly in photo utility apps, games, and adult entertainment apps. Although it has traditionally hidden in third-party app stores, 11 applications containing a dormant version of the malware were discovered on Google Play but have since been removed. While Indian and Arabic speakers have been the primary target for the malware, the infections have not been limited to India and Asia and have been seen in both the United States and the United Kingdom.

Analyst Notes

Agent Smith finding a way onto the Play Store shows that the threat actor is working hard to evolve their abilities, and this will likely not be the last that we see of the group or their malware.