Indians - The Major targets of Agent Smith Malware

By Prempal Singh, August 1, 2019

Indian cybercrime officials, tracking the recently detected Agent Smith malware, believe it is targeted at Indians, who constitute the highest number of victims so far.

According to a report by Check Point, a private cybersecurity firm, Agent Smith is believed to have infected over 25 million devices so far.

The malware, which derives its name from the antagonist of The Matrix, the Wachowski Brothers’ cult trilogy, is currently being tracked by cybercrime agencies across the world.

The Maharashtra Cyber department issued an advisory earlier that week cautioning users against the malware, which can silently embed itself into any cell phone.

Agent Smith is embedded in apps available on the Google Play Store, mostly connected to gaming, image editing or adult entertainment. Once a user downloads the app, the malware becomes active and looks for other apps that it can take over. Its ability to impersonate apps, as well as the fact that its icon is not visible on the user’s screen, makes it next to impossible to detect.

The structure of the malware, too, indicates that it is an advanced one. Unlike the authors of most malware, the creators of Agent Smith seem to have made the effort to identify all the latest vulnerabilities in the Android operating system and designed the malware specifically to exploit them.

One such vulnerability is called Janus, which was discovered in 2017 by cybersecurity researchers. It allows hackers to modify an app without affecting its signature, which makes the hack impossible to detect. The Janus vulnerability helps in replacing apps with their contaminated versions while leaving unchanged the hash value, which is like a unique signature for any app.
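As an added illustration (not from the original article or from Check Point), the following Python check inspects an APK for the file layout that public research on Janus describes: DEX data sitting in front of the ZIP archive, where the older JAR-style (v1) signature does not cover it. The function names and the sample bytes are constructed for this example.

```python
import io
import zipfile

DEX_MAGIC = b"dex\n"              # first bytes of every DEX file
V2_MAGIC = b"APK Sig Block 42"    # marker of the whole-file (v2+) signing block


def inspect_apk(data: bytes) -> dict:
    """Report Janus-relevant facts about an APK image (hypothetical helper)."""
    report = {"is_zip": False, "starts_with_dex": data[:4] == DEX_MAGIC,
              "leading_bytes": 0, "v1_signed": False,
              "has_v2_block": V2_MAGIC in data, "suspicious": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return report
    report["is_zip"] = True
    infos = zf.infolist()
    # JAR (v1) signatures live in META-INF and cover only the ZIP entries.
    report["v1_signed"] = any(
        i.filename.startswith("META-INF/")
        and i.filename.upper().endswith((".RSA", ".DSA", ".EC"))
        for i in infos)
    # zipfile resolves header_offset to the real file position, so the
    # smallest one is the number of bytes sitting in front of the archive.
    report["leading_bytes"] = min((i.header_offset for i in infos), default=0)
    report["suspicious"] = report["starts_with_dex"] and report["leading_bytes"] > 0
    return report


def build_samples():
    """Constructed inputs: a clean archive and the same bytes behind a DEX header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", DEX_MAGIC + b"035\x00placeholder")
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        zf.writestr("META-INF/CERT.RSA", b"constructed placeholder, not a signature")
    clean = buf.getvalue()
    prefix = DEX_MAGIC + b"035\x00" + b"\x00" * 104   # 112-byte dummy DEX-style header
    return clean, prefix + clean, len(prefix)


if __name__ == "__main__":
    clean, tampered, _ = build_samples()
    for label, blob in (("clean", clean), ("tampered", tampered)):
        print(label, inspect_apk(blob))
```

A file flagged as suspicious that also lacks a v2 signing block deserves the closest look, since only the whole-file signature covers bytes outside the ZIP entries.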

First noticed early this year, the malware can replace apps on Android phones with malicious versions without the user’s knowledge.

According to investigations conducted by several agencies so far, around 59% of those affected by Agent Smith are Indians. Other countries where significant infection was recorded include the United States, the United Kingdom, Saudi Arabia, Australia, Bangladesh, and Pakistan.

Cybercrime officials are closely tracking Agent Smith’s activities which, for the moment, seem to be limited to throwing up targeted advertisements. However, with the kind of abilities that the malware displays, it can be used for anything that its creators want it to do.

“With 25 million devices being reportedly infected, the makers of Agent Smith already have a huge botnet at their disposal, and the possibilities are almost literally endless,” the officer said.

“Users are advised against downloading third-party apps to avoid falling prey to Agent Smith and keep their operating system. Also, if one sees signs that their device is infected, they should immediately do a factory reset,” said Special Inspector General of Police Brijesh Singh, Maharashtra Cyber.

