Alert Priority HIGH: ‘Agent Smith’ malware infects 25 million Android devices globally

17 July 2019

What’s happened?
Australian Android users are warned not to download mobile apps from third party app stores following reports of malware known as ‘Agent Smith’ infecting 25 million Android devices globally.

How it works

Android devices are infected when the user installs an app, often a game app from a third party site, which contains this malicious software (malware).

The ‘Agent Smith’ malware then searches an infected device for other apps it can feed on, replacing them with malicious, cloned versions without the user’s knowledge.

‘Agent Smith’ is capable of replicating mobile apps like WhatsApp, web browser Opera and virtual keyboard SwiftKey.

Through the replicated apps, ‘Agent Smith’ displays fake advertisements that are used by cybercriminals to steal your money or personal information. By impersonating existing apps on a user’s device – and leveraging the permissions a user has granted to the real apps – cybercriminals could also hijack sensitive information like your banking password or other online logins.

How do I stay safe?
  • If you think you may have downloaded an app containing ‘Agent Smith’ on an Android device, go to Settings, then click on Apps or Application Manager, scroll to the suspected app and uninstall it. If it can’t be found, remove all recently installed apps.
  • Never download apps from third party sites or from links in emails, social media, text messages or websites. Use legitimate app stores such as Google Play for Android or Apple’s App Store.
  • Don’t click on app adverts as they may contain malicious software – and consider installing a reputable ad blocker from a legitimate app store that will stop you seeing most ads.
  • Keep your devices and apps updated with the latest software whenever updates are available – and set updates to install automatically wherever possible.

More information

Learn more about safely downloading online apps.

Read more about malicious advertising.

The information provided here is of a general nature. Everyone’s circumstances are different. If you require specific advice you should contact your local technical support provider.
Disclaimer
You may have noticed we’ve updated our branding, to incorporate the Australian Cyber Security Centre (‘the ACSC’) logo, and complement the ACSC colours. This is to better reflect that Stay Smart Online is a part of the ACSC.

This information has been prepared by the ACSC. It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.