If you're using an Android phone, you might be at risk of a nasty malware that has been quietly infecting millions of devices. Security researchers at Check Point discovered an attack that replaces legitimate applications like WhatsApp with malicious versions. The malware, dubbed Agent Smith, is believed to have already infected more than 25 million Android phones.
According to researchers, Agent Smith has primarily made its way onto Android phones through 9apps.com, a third-party app marketplace that is owned by Chinese tech giant Alibaba. Once it has made its way onto a device, the malware seeks out popular apps like WhatsApp, Opera web browser, Flipkart and others that may be installed on your phone. When it identifies those applications, it replaces a portion of their code that prevents them from being updated. This keeps the malicious code from being overwritten or defended against, and allows Agent Smith to carry out its primary task: generating cash for its creator.
To do this, the malware injects advertisements into the apps. Innocuous as it sounds, it's a pretty clever and potentially harmful scheme. By displaying ads in the apps, the malware creators are able to generate revenue every time you click on one. The ads themselves aren't necessarily malicious, though they may direct you to a site with bad intentions. There are certainly worse things that malware could do other than display some ads that you'll probably ignore, but it's troubling that Agent Smith has been able to hijack legitimate apps and siphon off cash while avoiding detection — and it's possible the attackers could access more data from the hacked apps than they currently are.
Thus far, the largest target for Agent Smith has been India, where as many as 15 million devices have already been infected, according to Check Point. However, the infection has made its way to Android phones across the world. As many as 300,000 devices in the United States have already been hit by the malware. It's possible that number may continue to grow, as well. Researchers discovered dormant pieces of the Agent Smith code hiding in 11 apps that found their way into the Google Play Store, Google's official marketplace for Android apps. Those have already been removed by Google, but the threat remains.
How to protect your phone against Agent Smith malware
Agent Smith preys primarily upon vulnerabilities present in older versions of the Android operating system. That means your best defense against the attack is to keep your phone up to date.
To update to the latest version of Android, open your Settings app and scroll down to the System menu. Open the Advanced menu, then select System Update. If there is no Advanced option, tap on About Phone. You should be shown any available updates for your device.
Keeping your apps up to date will also ensure that any known security issue has been patched and you are protected. To make sure you are always running the latest version of your app, you can turn on automatic updates. Open up the Google Play app, tap on the three horizontal lines on the top-left, then select Settings and tap "Auto-update apps."
You should also always avoid downloading and installing apps that aren't from the Google Play Store. Google's security protocols aren't perfect, but navigating outside of that ecosystem exposes you to places that are far more laissez-faire about app quality.