The Name’s Smith. Agent Smith of the Adware Company

Cybersecurity company Check Point recently revealed that second-generation adware is on the rampage. Over 25 million users worldwide have been affected so far by “Agent Smith,” a malicious agent that modifies and reinstalls legitimate applications such as Flipkart, Opera Mini, and WhatsApp.

Check Point pinpointed the infection to 9Apps, a Chinese third-party Android apps vendor. So far, no one has complained of credit card or identity theft, but Check Point warns that Agent Smith can quickly become a doorway for more damaging malware.

What or who is Agent Smith?

Dubbed after Hugo Weaving’s The Matrix character, Agent Smith is a malicious ads module which comes in the guise of the legitimate updater. Once inside the phone, it asks the user for permission to update regular Android applications.

As Check Point revealed, instead of keeping your apps up-to-date, the viral payload modified the apps, and reinstalls them. To the unaware user, this is just a part of the update process – the apps themselves don’t appear to have suffered any modification, and no prompts are received throughout the process. Lovely perspective, isn’t it?

So, when did the whole thing start? Can’t say for certain but Check Point, the cybersecurity company who identified and sandboxed this adware said that Agent Smith used 9Apps to spread.

For those of you who haven’t heard the name before, 9Apps is a third-party apps store from China which, in its spare time, aids developers in promoting and publishing their apps in foreign markets, because we all know how hard that is.

Well, apparently, Agent Smith somehow went rogue and began tampering with popular apps such as Flipkart, Opera Mini, Swiftkey, and even some software from Lenovo (talk about an overkill).

Now, according to Check Point’s Proof-of-Concept, the malicious code first spread to devices from Bangladesh, Pakistan, and India. However, a couple of days later, infections were also detected in the United Kingdom and the United States.  All in all, over 300,000 viral payloads were identified, encompassing some 25 million devices.

Still, Agent Smith is a teddy bear compared to WannaCry or the most recent WannaHydra, the banking, three-pronged trojan that nearly brought Brazil’s online banking system to its knees.

So, is there any way to protect your Android device from Agent Smith? It sure is: stop downloading the app from unsecured sources. Of course, 9Apps is a legit Android platform but lacks the same Fort Knox-like security as its United States peer. You should also keep in mind that there’s no such thing as premium content on 9Apps, meaning that all apps are free for use and to enjoy.

Sounds great, yet keep in mind that more free content means more chances of stumbling upon malicious apps. So, before downloading and installing an app, take a good look at its description. You can also research info on the vendor, developer, and publisher. Lastly, after the download’s done, run a quick malware scan with your Android app of choice.


Is Agent Smith the harbinger of doom? I don’t think so, but we have to keep in mind that its apps like Smith that keep the door open so that other malware can pass unhampered. What’s your take on this? Head to the comments section and let me know what you think.

About Daniel Sadler

Old-school PC gamer, poetry buff, cat lover, tech wiz. His writing career began almost two decades ago when he modestly acknowledged that hindsight or, lack thereof, can compromise security. He enjoys spending quality time with his friends and family. Most of his friends refer to Daniel as a "man of a few words, but, man, what words!" His interests include cybersecurity, IT, blogging, and, of course, everything related to technology.

Leave a Reply

Your email address will not be published. Required fields are marked *