Agent Smith

A new malware for Android has been discovered. This virus can infect devices by replacing legitimate apps with clones that impersonate them and are then used to mass display the user. The malware is called Agent Smith, a classic for all Matrix fans

This malware, Agent Smith, has already infected more than 25 million victims although most of them are in countries like La India, Bangladesh and Pakistan. Users have been suffering from this parasite for more than 2 months even though its discovery dates back to 2016.

The Agent Smitch malware is of Chinese origin

Check Point, the agency in charge of discovering it, knows that this malware comes from a technology company that is in Guangzhou, a city from China. The malware creator is dedicated to boosting and promoting Chinese apps. The malware first appeared in 2018 and the firm Check Point has been tracking it for some time.

The problem with this malware is that until recently it could only be "downloaded" from the 9Apps store, owned by UCWeb (the company behind UC Browser). However, in recent months Agent Smith has been infecting users from the Google Play Store. There are at least 11 infected apps in the official Android store. Some of these Android apps already have more than 11 million downloads in the Google app store. Luckily, they have been eliminated thanks to their location by the Check Point team.

What does Agent Smith infect your mobile for?

Although the apps have been removed and the malware detected in time, it is a very dangerous virus. Its structure makes it very difficult to detect. Initially, the application infected fully functional apps and distributed them through the 9Apps store Currently some of these apps have also reached the Google Play Store.

These applications contain code that downloads another app package (disguised as an SDK) and then this application package infects the victim's smartphone with Agent Smith's malware. Once on the phone, the malware can locate all the apps installed on the phone and replace the original apps with cloned and infected ones.It can replace apps like Jio, Hotstar Apps, WhatsApp, Lenovo AnyShare, Opera Mini, Flipkart and also TrueCaller which are very popular apps in Indian market.

The operation of this malware is so advanced that it is capable of injecting malicious code into the application without affecting the MD5 file. Once the applications have been replaced, this malware blocks their automatic updates to prevent them from being replaced by uninfected ones. The operation is really complex but frightening, as it serves to ensure that the malware does not disappear from the victim's phone.

The most curious thing is that this malware is used to introduce Adware (massively), when normally these methods are present in other more dangerous techniques such as the injection of some spyware or malicious code with even worse purposes.

How to remove Agent Smith malware?

If you live in Spain, it is highly unlikely that you have been infected with this malware, but if you are suspicious, it is best to check the origin of the applications you have installed on your smartphone. An antivirus like this can help you block them and get them off your phone. Otherwise, a factory reset can fix the problem completely, or even removing the applications you have downloaded on your phone and reinstalling all of them using Google Play. All this if the method that we give you below does not work.

The only thing you need is to delete the applications that are showing on your mobile and they shouldn't. If you can't figure out what they are, remove all recently installed apps. This will have solved the problem in most cases.