Complete Guide to Remove Agent Smith Malware from Android Device


Guide to Remove Agent Smith Virus

Cyber-security is one of the major concerns that the world is dealing with today. Devious variants of Ransomware, Spyware & Viruses seem to sprang up every now & then, to steal personal information of the users & extort money from them.

While renowned cyber-security firms assure that most of such issues are under control, the attack of Agent Smith Virus melted the veil away.

Agent Smith Virus Attack

Agent Smith Virus is a new variant of android phones malware that surfaced to lime-light last week. It has infected over 25 Million Android users around the globe so far, including 15 million mobile devices in India.

This new advertising malware is targeting the infected devices with dubious & malicious pop-up ads, when the users open the apps.

Reports by Check Point, an Israel-based IT firm, states that Agent Smith Virus is propagating its infection through the unverified apps that are available on third-party app stores.

Threat Summary

Name Agent Smith
Category Malware
Type Virus
Targeted Operating System Android
Symptoms Appearance of dubious ads while using apps such as Whatsapp, Flipkart, Twitter

Insight into Threat Behavior of Agent Smith Virus

Agent Smith Virus, a new kind of advertising malware, is taking over Android Devices at an alarming rate. It has been specifically created to target Android Devices with dodgy pop-up ads & generate illicit revenue in return.

Whatsapp displaying ads

Reports claimed Check Point to be the whistle-blower for this Android Malware. It is an Israel-based cyber-security firm that conducted detailed analysis of this malware’s threat behavior.

The analysis revealed that Agent Smith Malware is spreading its infection via third-party App Stores such as & exploiting known vulnerabilities of Android OS. The virus takes cover in the photography & gaming apps available on third-party app stores.

The Virus has infected over 25 Million Android Users world-wide, including 15 Million in India, 300,000 in the United States & 137,000 in the United Kingdom. Other countries that have been impacted by Agent Smith Virus include Pakistan, Australia & Bangladesh.


Keen observance of Check Point team found that users often tend to allow “All” the permissions to the applications while installing this app. The hackers behind Agent Smith Virus take leverage of incautious attitude of mobile users.

The Agent Smith Virus Attack consists of three-stage infection:

1). The attack initiates with the app downloaded from third-party app store. These applications, typically, are dubious versions of the legit apps that are laden with advertising malware.

2). Once the user downloads & installs these apps, Agent Smith Malware leverages the permissions given to the app. It gets installed on the device simultaneously & renames as a Google-related application to get an “authentic” look. These names may include Google Updater, Google themes, Google Powers & Google Installer for U. By exhibiting its association with Google, this devious virus escapes detection.

Working Module of Agent Smith Virus

3). Thirdly, the core Android Package File (.apk) of the malware extracts a list of installed apps on the device & scans it for the targeted app. The virus injects malicious code & ad modules to the .APK Files of the app when found. This way it infects the legit applications to serve pop-up ads whenever the user opens it.

Some of the legitimate apps such as Whatsapp, Flipkart & Opera Browser have been reported to be replaced by the malicious versions to serve ads. As per the researchers, the ads are not malicious. However, the ad fraud scheme initiated by the hackers will have them earn money for every intentional/unintentional click on the injected ads.

Not only this, the attack of Agent Smith Malware may also lead to cyber-security breach, eavesdropping and data theft & banking credentials theft.

Google’s Reaction to the Advertising Malware Attack:

Though the malvertising scheme has been initiated from a third-party app store, the official Android App Store wasn’t untouched.

The researchers found around 11 infected apps with malicious yet dormant code components on the Google Play Store. The malicious components were found associated with the Agent Smith Virus actor.

As soon as Google realized the impact of the malware, it took countermeasure step & removed malicious applications from the Play Store. The Agent Smith virus-laden apps are no longer available for download.

Malicious Apps on Third Party App stores

Some of the malicious applications that have been removed by the Google include –

  • Ludo Master – New Ludo Game 2019 For Free
  • Angry Virus
  • Rabbit Temple
  • Sky Warriors
  • Shooting Jet
  • Photo Projector
  • Cooking Witch
  • Clash of Virus

Distribution Techniques of Agent Smith Malware-

The researchers have found that Agent Smith Malware has been around since January 2016. The hackers behind Agent Smith Virus began plotting an array of dropper apps by taking cover in third party App Store–, thus making it the prime distribution channel. is a third-party App Store that is typically used to download modified/cracked versions of software.

The dropper applications available on the 9apps contain Agent Smith Virus masqueraded as free gaming apps, photography apps & some adult-entertaining applications.

When these virus-laden apps are downloaded & installed on a user’s phone, it searches for legit applications on the device such as Whatsapp, MX Player, Flipkart and Shareit. When found, it inserts malicious codes in .APK Files of the apps.

The applications are then replaced with its malicious versions to serve dubious pop-up ads, whenever user opens the application.

How to recognize if your Device is infected?

Identifying the presence of Agent Smith Malware on your Android Device is fairly simple. Following are the check-points that you may refer to, to detect the new advertising malware on your smart-phone.

  • The legit apps such as Whatsapp & Facebook do not serve ads. In case you are observing a large number of unwanted ads being served via Whatsapp, Facebook, Twitter & other legit apps, your device may be under the attack of Agent Smith Virus.
  • Some of the trusted applications may exhibit unexpected behavior & drain battery of the device.
  • Open Google Play Store & go to Play-Protect Option. Check if any of the applications installed on your device is flagged as harmful. If any flagged application is found, it shows the application is malware-laden.

How to Remove Agent Smith Virus from your Android Device?

STEP A: Uninstall Suspicious Application from Google Play Store

1). Open Google Play Store on your device.

1 Open Google Play Store

2). Click on (≡) given at top-left of the screen.

2 Click on three bars

3). Find “Play-Protect” from the list & click on it.

3 Find Play Protect

4). Look for the applications that are flagged as harmful by the Play-Protect.

5). Uninstall the harmful applications, if any, until “No Harmful apps found” displays.

4 No Harmful Apps Found by Play Protect

STEP B: Delete the Suspicious Application from the Android Device

1). Open “Settings” on the smart-phone & go to “Apps” section.

1. Go to Settings

2). Look for the suspicious program such as “Google Updater”, “Google Themes”, “Google Powers” and “Google Installer for U” in the list of Applications.

2. Look for Suspicious apps

3). Click on “Uninstall” to delete the application from the device.

3 Uninstall Suspicious app

STEP C: Reset the Android Device.

1). Go to “Settings” on your Android Device.

1 Settings

2). Now go to “System Settings”.

3). Find the option “Backup & Reset”. Back up your data (Images, Videos, Documents and Installed Applications) on a backup account (e-mail or Google Drive).

3 Backup & Reset

4). Once the backup of your data has been created, click on “Factory Data Reset”.

4. Factory Reset

5). A confirmation option will appear. Click on the option to proceed with re-setting the device.

5 Confirm Factory Reset

How to prevent Agent Smith Virus from infecting your smart-phone?

Following good cyber-security practices & being cautious while surfing net & downloading/installing applications, may help prevent Agent Smith Malware infection:

1). Do not use third-party App Stores to download applications (modified/cracked versions). These App Stores may offer an .APK File of a paid application for free. However, please note that nothing is free in today’s digital world, somewhere someone is befitting from it.

2). Always download applications from the Official Android App Store – Google Play Store.

3). Avoid downloading gaming/photography apps from unknown sources.

4). If you observe legit applications installed on your device are exhibiting unexpected behavior /displaying ads, delete them immediately. Install them again from Official Android App Store Only.

5). Keep your Android Device System & installed-applications updated to the latest version.

6). Use a reliable mobile antivirus to scan your android device regularly & keep the threats away, such as Vipre, Kaspersky & BULL GUARD.

7). Enable the Ad-Blocker on the browser you use to browse on your Android device. This will help you stay protected from infuriating adware.

8). Ensure “security options” given in the Play-Protect are enabled. This will help Google to check your device, prevent & warn you about the potential harm from the applications.

9). Be careful while installing an application on your Android Device. Do not give unnecessary permissions to the apps outside its usage. Avoid installing such apps.

10). Remove the applications that have been marked as harmful by Play-Protect, immediately. Be vigilant & do not give any room to the hackers to succeed in their fraudulent schemes.

Virus Removal Guidelines