Australian Android users have been warned to urgently update their devices after it was revealed 140,000 have already been infected with Agent Smith malware.
Camera IconAustralian Android users have been warned to urgently update their devices after it was revealed 140,000 have already been infected with Agent Smith malware. Credit: News Limited, Supplied

‘Agent Smith’ has already infected 140,000 Aussie Android devices, 10 million at risk

Natasha ChristianNews Corp Australia Network

Australian Android users have been advised to urgently update their security settings and change their app download habits, as 140,000 devices have already been infected with Agent Smith malware.

Check Point Australia has confirmed the number of Aussies who have mistakenly downloaded the malware, and the result isn’t pretty.

Tech firm Telsyte says more than 10 million Australians own an Android smartphone and over 8.6 million use iPhones.

Agent Smith, which affects only Android devices, are malicious clone apps named after Hugo Weaving’s character from The Matrix.

Get in front of tomorrow's news for FREE

Journalism for the curious Australian across politics, business, culture and opinion.

READ NOW

Since it was first detected in 2016, up to 25 million Android devices, including tablets and smartphones, have been infected globally and it’s spreading at an alarming rate.

The countries most affected by Agent Smith so far.
Camera IconThe countries most affected by Agent Smith so far. Credit: Supplied, Check Point

Check Point’s researchers say the malware so far has been used to display dodgy advertisements for financial gain on users’ devices, but they’ve warned it’s capable of much, much worse.

Users are completely unaware of Agent Smith taking over their smartphones and tablets.

It infects devices when the user installs an app that contains the malicious code, typically games installed from third-party sites.

From there, Agent Smith scours the device for other apps it can ‘feed on’ replacing them with a cloned, weaponised version without the user’s permission.

Some apps Agent Smith is capable of replicating include WhatsApp, web browser Opera and SwiftKey. It’s estimated infected devices contain on average 112 cloned apps.

The dodgy apps work fine and are difficult to detect as the malware is hidden from the device user.

“Armed with all the permissions users had granted to the real apps, Agent Smith was able to hijack other apps on the phone to display unwanted ads to users. That might not seem like a significant problem, but the same security flaws could be used to hijack banking, shopping and other sensitive apps,” Check Point’s Aviran Hazum said.

Agent Smith is able to clone apps like WhatsApp without the user’s permission.
Camera IconAgent Smith is able to clone apps like WhatsApp without the user’s permission. Credit: AFP, AP

“Hypothetically, nothing is stopping them from targeting bank apps, changing the functionality to send your bank credentials to a third party. The user wouldn’t be able to see any difference, but the attacker could connect to your bank account remotely.”

Agent Smith was detected earlier this year after a wave of malware attacks hit India. It prompted one of India’s largest banks, Union Bank Of India, to issue a warning to customers.

So far Agent Smith has hit mostly Asian countries including Parkistan and Bangladesh as it’s been easier to spread through third-party stores there. However Check Point says hundreds of thousands of devices have been infected in Australia, the US and UK.

Cyberfirm Unisys Director of Security, Ashwin Pal told News Corp “Every app on a person’s device is at risk.”

“And this is where the problem lies. There is nothing stopping the malware developers from using this to start to capture confidential data such as internet banking passwords, etc,” he said.

While third-party app stores presented the biggest risk, 11 apps on Google Play were found to have been spreading Agent Smith. Those apps, including Blockman Go, Cooking Witch, Ludo Master, and Crazy Juicer have since been removed but not before they were downloaded over ten million times globally.

Mr Pal said users should not download apps from third-party stores.

The clone malware is named after Hugo Weaving’s character Agent Smith in The Matrix.
Camera IconThe clone malware is named after Hugo Weaving’s character Agent Smith in The Matrix. Credit: Supplied
Some of the apps that appeared on Google Play store that were reported in relation to Agent Smith.
Camera IconSome of the apps that appeared on Google Play store that were reported in relation to Agent Smith. Credit: Supplied, Check Point

“Always use legitimate app stores such as iTunes or Google Play Store. Do not download unnecessary apps particularly ones that have been sent to you via links or advertisements (and) always update your device and apps whenever updates are available,” he said.

“Do not click on any adverts that are served up to avoid malware infections.”

Dustin Childs from cybersecurity company Trend Micro said it was crucial Android users regularly update their devices to the latest version, as well as use a trustworthy ad-blocker.

“We’ve seen malicious ads that can install apps when you browse to a web page from your Android device. They could be installing ransomware, they could be copying your contacts. Ad blockers aren’t just to block ads,” he said.

Mr Hazum added users shouldn’t ignore prompts to update their devices.

“People see they have an update and know it will take their phone 30 minutes to download it, apply it, and restart the device. A lot of people ignore it,” he said.

More recent versions of Android have patched the vulnerability Agent Smith but not all manufacturers prompt users to regularly update.

The devices more affected by Agent Smith.
Camera IconThe devices more affected by Agent Smith. Credit: Supplied, Check Point

Currently more than 24,000 devices run Android including Samsung, Xiaomi and Lenovo.

While Agent Smith doesn’t affect Apple users, they aren’t immune to malware either.

Users who continue to use outdated devices are at the most risk.

The Agent Smith warning comes a week after it was revealed a million Microsoft Windows users were vulnerable to a highly spreadable ransomware attack dubbed BlueKeep.

Microsoft said any operating system earlier than Windows 8 is at risk with internet security company AVG warning users to check if their operating system is ‘dangerously out of date’.

Is Agent Smith on your phone? Find out what to do below.
Camera IconIs Agent Smith on your phone? Find out what to do below. Credit: News Limited, Supplied

IS AGENT SMITH ON YOUR PHONE?

Check Point says these are some of the apps that have been compromised by Agent Smith:

Ludo Master — New Ludo Game 2019 For Free

Sky Warriors: General Attack

Colour Phone Flash — Call Screen Theme

Bio Blast — Infinity Battle Shoot virus

Shooting Jet

Photo Projector

Gun Hero — Gunman Game for Free

Cooking Witch

Blockman Go: Free Realms & Mini Games

Crazy Juicer — Hot Knife Hit Game & Juice Blast

Clash of Virus

Angry Virus

Rabbit Temple

Star Range

Kiss Game: Touch Her Heart

Girl Cloth Xray Scan Simulator

If you think you may have downloaded an app containing Agent Smith here’s what to do:

For Android:

Go to Settings Menu

Click on Apps or Application Manager

Scroll to the suspected app and uninstall it.

If it can’t be found then remove all recently installed apps.