Imagine an Android malware called Agent Smith. If you recall from the Matrix films, he was able to replicate himself by stabbing others. This malware with the same name does something like that, infecting other apps with its malicious code. And it has already infected over 25 million apps, according to security firm Check Point.
Agent Smith doesn’t harvest data from infected devices. What it does instead is make other apps display ads, and essentially steal the ad revenue of those and other apps. It looks for known apps on an infected device, and patches its own malicious ad modules into their code. This not only redirects the app’s ad revenue to them, but also prevents the infected apps from being updated.
Oddly enough, the vulnerability that Agent Smith makes use of was patched quite awhile ago. Yet, Agent Smith is still able to propagate due to app developers not updating their apps to keep them protected. Google has removed the malicious apps spreading Agent Smith from the Play Store, but it still spreads wildly though a third party app store called 9Apps.
Check Point calls Agent Smith “as malicious as they come”. While this version was made to steal ad revenue, another version could be made to steal private information. It also serves as a reminder to be very careful about getting apps outside of official channels, if you absolutely have to.