“Agent Smith” malware found infecting 25m Android devices 

Researchers from Check Point have identified a new variant of mobile malware that exploits known Android vulnerabilities. 

The malware, dubbed Agent Smith, disguises itself as a Google-related application and automatically replaces installed apps with malicious versions without users’ knowledge or interaction.

So far the malware has been used to show fraudulent ads for financial gain; however, it could be used for more harmful purposes such as banking credential theft.

Agent Smith was originally downloaded from a third-party app store, and has targeted mostly Hindi-, Arabic-, Russian- and Indonesian-speaking users. It has affected over 25 million victims worldwide, including 15 million devices in India, 2.5 million in Bangladesh and 1.7 million in Pakistan, according to a report shared with ZDNet.

Devices in the UK, Australia and the US have also been infected.

Because Agent Smith attacks user-installed applications silently, it is challenging for Android users to combat the threat on their own.

Jonathan Shimonovich, head of mobile threat detection research at Check Point, said:

“Combining advanced threat prevention and threat intelligence while adopting a ‘hygiene first’ approach to safeguard digital assets is the best protection against invasive mobile malware attacks like ‘Agent Smith’.

“In addition, users should only be downloading apps from trusted app stores to mitigate the risk of infection as third-party app stores often lack the security measures required to block adware-loaded apps.”

