Technology 3 min read

Agent Smith Malware Infects 25 Million Android Phones

George Dolgikh /

George Dolgikh /

Google’s operating system has been hit with the most severe threat in recent memory.

According to cybersecurity researchers, over 25 million Android phones have been infected with a malware dubbed Agent Smith. Exploiting known weaknesses of the Android operating system, the malware replaces installed apps such as WhatsApp with one that serves ads.

While the ads may seem harmless, security experts point out that whoever is behind the attack could do worse. Here is why.

Aside from hiding its icon from the launcher, the malware, Agent Smith can impersonate any existing popular app on a device. This creates endless ways of hurting a user’s device.

Although Google is reportedly aware of the malware’s existence, the tech giant hasn’t issued a statement yet.

A Widespread Malware Attack

While most of the malware victims – about 15 million – are in India, about 300,000 Android devices in the U.S. were also attacked. In the U.K., 137,000 phones are reportedly infected.

So, how is the malware spreading?

Agent Smith made its way into users’ phone via a, a third-party app-store owned by China’s Alibaba.

Here’s the thing; non-Google Play attacks typically focus on developing countries. So, the hacker’s success in the U.S. and the U.K. is one of a kind, which makes it remarkable.

So, how does it work?

How Agent Smith Operates

It begins with users downloading an app from the store – a game or a utility app. Then, the app covertly installs the malware in the guise of a Google updating tool.

The malware remains under the radar, with no icon appearing on the launcher. In then starts to replace legitimate apps such as WhatsApp and Opera browser with evil updates to serve bad ads.

While the ads are not malicious, it’s a typical fraud scheme. With every click on the injected ad, the hacker makes money in an ideal pay-per-click system.

What Can You Do?

According to the head of cyber analysis and response at cybersecurity agency, Check Point, users can uninstall the malware.

Click on the Settings icon on your Android device and scroll down to the apps and notification section. Next, scan through the app info list for Google Updater, Google Installer for U, Google Powers, and Google Installer 

Click on the suspicious app and select “Uninstall.”

A smarter option would be to avoid unofficial Android app stores. But, even the Google Play store is not any safer.

Read More: New Google Play Store Malware Avoids SMS Two-Factor Authentication

First AI Web Content Optimization Platform Just for Writers

Found this article interesting?

Let Sumbo Bello know how much you appreciate this article by clicking the heart icon and by sharing this article on social media.

Profile Image

Sumbo Bello

Sumbo Bello is a creative writer who enjoys creating data-driven content for news sites. In his spare time, he plays basketball and listens to Coldplay.

Comments (0)
Most Recent most recent
share Scroll to top

Link Copied Successfully

Sign in

Sign in to access your personalized homepage, follow authors and topics you love, and clap for stories that matter to you.

Sign in with Google Sign in with Facebook

By using our site you agree to our privacy policy.