Agent Smith in India

Agent Smith is the name given to a new variant of a mobile malware that is infecting Android devices. At present, the activity of this virus is restricted to showing fraudulent advertisements for monetary benefit, resembling CopyCat, Gooligan, etc.

It is apposite to mention here that Agent Smith was originally downloaded from 9Apps,[i] a third-party, Android applications and games store, managed by China’s Alibaba Group.[ii]

What is a Malware?

A contraction for malicious software, a malware is a software that is designed to gain unauthorised access to a network/computer or cause damage to data/systems. Typically, it is delivered as a link or as an attachment to an email.

Types of Malware

Some of the most prominent types of malware are -

• Virus : It is an executable type of malware that self-replicates by infecting and modifying a programme's existing code and inserting its own code. Agent Smith is a virus.
• Ransomware : It takes control over a computer and holds it hostage until a ransom is paid. If no payment is made, the data is deleted or released online.
• Worm : It is a malware computer programe that replicates itself in order to spread to other computers. It does not rely on human action.
• Trojan Horse: It presents itself as or hides in a legitimate programme. Once downloaded, it can steal sensitive data by misleading the user into giving it special access.
• Rootkit: Once a rootkit gains access to a computer's operating system (OS), it can conceal itself or other malware, execute files, and even make changes to a system. It is nearly undetectable.
• Spyware: It is a kind software that installs itself on to a computer and starts covertly collecting, tracking, and stealing the user's sensitive data.

Use of Malware

Malware is generally created for the following purposes – 

• For monetary gain by means of selling the malware on Dark Web or extorting money out of the affected parties.
• To test the vulnerability of systems.
   
• As a potent weapon of cyber-warfare.

Agent Smith - The Nomenclature

The malware is named after Hugo Weaving’s character in the Wachowski Brothers’ trilogy - The Matrix. Just like how Agent Smith could change anyone into his clone in the movie, the malware - Agent Smith - disguises itself as a Google-related application and gets embedded on Android devices.

An Advanced Malware

Structurally, Agent Smith is an advanced malware, identifying and exploiting the latest vulnerabilities in the Android OS, including Janus, Bundle, and Man-in-the-Disk to build a botnet of controlled devices. The Janus vulnerability, for e.g., enables the malware to take over an Android app without changing its hash value (unique signature), making the hack very challenging to detect.

 While Agent Smith’s activities are, for the time being, restricted to throwing up advertisements, given the huge botnet at its disposal, the virus can be misused by the creators for a host of purposes including stealing sensitive data like banking details.

Stages of Infection

Agent Smith enters a system in a 3-stage infection chain -

• Phase 1: Lure & Locate

The user is lured into downloading a dropper (Trojan) through free games, porn apps, etc. from an app store like 9Apps. The dropper then looks for popular apps (like Ludo Master, Rabbit Temple, etc.)  through a predetermined list. 

• Phase 2: Install

The dropper then decrypts the malicious payload into an APK file and installs this core malware exploiting various Android vulnerabilities.

• Phase 3: Attack & Swap

The core malware attacks the applications in accordance with the predetermined list, patching the innocent application’s APK file with extra malicious modules and finally swapping the innocent version with the malicious version.

Detecting the Infection

A sudden increase in the number of ads on the Android phone, unrelated to one’s usual browsing habits could mean that the device is infected with Agent Smith. If the infection is sensed, the suspected app should immediately be uninstalled. If no app is found, all recently installed apps may be deleted or a ‘factory reset’ may be done.

Guarding Against Malware

A combination of cyber-security tools and personal cyber hygiene will considerably minimise risks associated with such infections. These include -

• Use of common sense

Users should not blindly click on links sent via e-mails and pop-ups giving tempting ‘offers’. E-mails should be properly scrutinised for the details of senders and the links contained.

• Practice of ‘skeptical computing’

It is safer to presume that any programme is potentially malicious unless proven otherwise

• Safety while Downloading Apps

Only trusted sources like Google Playstore should be used for downloads and not any third-party app stores.

• Cyber-Security Software

OS and other software should be kept updated. Investment in good security software including ad-blockers, anti-malwares, anti-spywares, spam filters, intrusion detection systems, and firewalls would go a long way in ensuring cyber-safety.

The Indian Scenario

According to Check Point, 2.5 crore devices have been infected by Agent Smith, 1.5 crore of which are in India.[iii] This is not surprising in light of the fact that the malware was originally downloaded from 9Apps which is very popular in India, Russia, Indonesia, & Arabic-speaking countries. Significant infection was also noticed in the United States, the United Kingdom, Australia, Bangladesh, and Pakistan.

The number of smartphones in India stood at 46.8 crore in 2017 and is expected to touch 85.9 crore by 2022.[iv] This is both an opportunity and a threat for India.

It is an opportunity to realise the full potential of Make-in-India in mobile handsets and move from ‘assembled in India’ to ‘fully manufactured in India’, at least in the low to mid-range category. This section is dominated by Chinese companies at the moment. Needless to say, it’s going to be an onerous task which would primarily require political will and focus.

 The threat emanates from India’s appallingly low cyber-literacy levels. It is imperative for the government to conduct large-scale, effective cyber-literacy drives in collaboration with mobile companies, financial institutions, and other stake-holders so that the increasing number of smart-phone users is an asset and not a liability to the nation. A very important element in this drive would be the Armed Forces. The Defence Ministry should sensitise the Armed Forces personnel at all levels about the implications of clicking on unverified links, believing hoax mails (like the Nigerian 419 scam), using social media including TikTok, disclosing avoidable information online, keeping ‘location’ on, and so forth. It should also conduct workshop in the junior leadership levels to increase sensitisation and awareness as guidelines merely regulating access are bound to fail, at least in some cases. What is being done right now is neither adequate nor effective. Cyber hygiene should be a compulsory course for all personnel of the Armed Forces.

From being used for experiments and pranks, to becoming tools of cyber-warfare, malware have evolved from the innocuous Creeper Worm to the dangerous Stuxnet, Petya, Agent Smith, etc. India should hence follow the adage‘Prevention is certainly better than cure’ in full earnest as far as cyber-security is concerned.