By 12 July 2019 | Categories: news


If you remember The Matrix at all, then no doubt you are familiar with the malevolent Agent Smith moniker. The creepiest thing about that villain in the movies was its ability to infect and infiltrate a host’s body. But Agent Smith is not just the foil to Keanu Reeves’ Neo, or a memorable screen villain. It is also the name of a new, particularly insidious malware, discovered by CheckPoint, that is making the rounds, and has quietly infected around 25 million devices disguised as a Google-related application. 

The malware exploits Android vulnerabilities and, like its namesake, automatically replaces installed apps with malicious versions without users’ knowledge or interaction.

So far, the primary victims are based in India, though other Asian countries such as Pakistan and Bangladesh are also impacted, as are a noticeable number of devices in the UK, Australia and the US. The malware currently uses its broad access to the device’s resources to show fraudulent ads for financial gain. This activity resembles previous campaigns such as Gooligan, Hummingbad and CopyCat malware and can infect all smartphones updated beyond even Android v.7.

CheckPoint notes that while Agent Smith is being used for financial gain through malicious advertisements, it could easily be used for far more intrusive and harmful purposes such as banking credential theft and eavesdropping. The company further stressed that due to its ability to hide its icon from the launcher and impersonate existing user-trusted popular apps, there are endless possibilities for this sort of malware to harm a user’s device.

So what do you do about it? Short of swallowing blue pills or learning an array of martial arts, there are some practical steps you can take. Prevention is always better than cure, and thus CheckPoint recommends having an advanced threat prevention solution such as SandBlast Mobile installed on one’s device. That, it notes, would have detected and blocked the malicious version of these apps from being installed, while alerting the user to the suspicious attempted activity.

More specifically, the company elaborated that SandBlast Mobile’s unique security infrastructure, On-device Network Protection, delivers threat prevention capabilities to enterprise mobile devices that were previously only available in network and endpoint security solutions.

By inspecting and controlling all network traffic on the device, SandBlast Mobile prevents phishing attacks across all apps, email, SMS, iMessage and messaging apps. In addition, the solution prevents access to malicious or restricted websites, and prevents infected devices from accessing corporate resources and communicating with botnets. To ensure data and user privacy, SandBlast Mobile validates cellular traffic on the device itself without routing data through a corporate gateway.

That being said, what do you do if you are already infected? The company shared some steps below.

For Android:

1. Go to Settings Menu
2. Click on Apps or Application Manager
3. Scroll to the suspected app and uninstall it.

If it can’t be found, then remove all recently installed apps.

For iPhone:

1. Go to Settings Menu
2. Scroll to ‘Safari’
3. On the list of options, ensure that ‘block pop-ups’ is selected.
4. Then go to ‘Advanced’ -> ‘Website Data’.
5. Delete any unrecognized sites listed.

