Agent Smith malware on Android devices

This report claims that 25 million Android phones have been infected by “Agent Smith” malware and that it could affect (but not infect?) Apple devices:
https://www.news.com.au/technology/online/hacking/agent-smith-infects-25-million-android-devices-globally-through-whatsapp-opera-and-swiftkey-clones/news-story/
There don’t seem to be other reports of this issue, including CERT (https://www.kb.cert.org).

The research was done last week by Check Point, and a very detailed technical analysis can be found at https://research.checkpoint.com/agent-smith-a-new-species-of-mobile-malware/, but there is no mention of iOS, iPhone or Apple.

I see some instructions in the first article for removing it from an iPhone, but that’s about it. It seems to me that it could only impact a jailbroken iPhone that was downloading apps from somewhere other than the App Store. Another possibility is that you might be tricked by a pop-up when visiting an infected web site.

From the article:

The “Agent Smith” campaign is primarily targeted at Indian users, who represent 59% of the impacted population. Unlike previously seen non-GP (Google Play) centric malware campaigns, “Agent Smith” has a significant impact upon not only developing countries but also some developed countries where GP is readily available. For example, the US (with around 303k infections), Saudi Arabia (245k), Australia (141k) and the UK (137k).

Interestingly, the link from the www.news.com.au site no longer contains the story. Instead, I’m getting this message:

"We had a good look, but couldn’t find the page you requested.

This is either because:

  • There’s an error in the address or link you have entered in your browser
  • There’s a technical issue and the page has not been properly published
  • The article was removed to comply with a legal order
  • It is an older article that has been removed from the site"

I just did a quick search that turned up a lot of articles about Agent Smith published across the globe within the last few days, and all of those I looked at basically said the same thing. I didn’t see any new developments in the last 48 hours. So it could be a hoax, a miscalculation, or it has spread so far and has everyone stumped.

Looking on the plus side, if it did affect 25 million people, the majority of whom are in India, maybe it will help Apple sell more iOS devices in a market that has been extremely challenging, to say the least, for them. However, I have recently read in the business press that although Apple is selling fewer iPhones in India, the models that are selling are the highest priced ones, and profits there are up significantly. So maybe they’ll sell more at all price points.

The URL problem is likely due to me getting there via Google News and stripping the creepy stuff from the end of the URL before posting here - apologies.

https://www.news.com.au/technology/online/hacking/agent-smith-infects-25-million-android-devices-globally-through-whatsapp-opera-and-swiftkey-clones/news-story/9947a986b0bd0160515cbc396e99559a

Hmmm, was the MiB trilogy big in India?