What is Agent Smith Malware? All the Facts on the Latest Malware Affecting Android

man types on phone infected with agent smith malware

You may have read about “Agent Smith” malware in the news recently. It has caused a stir by infecting over 25 million Android devices across the world, mimicking popular apps and presenting users with fraudulent ads. So how does it work? And how do you know if a handset has been affected?

How Does Agent Smith Malware Work?

This malware is named after the character Agent Smith in The Matrix, as it propagates in a similar way to the virus Agent Smith in the film. The malware is a silent attacker, infiltrating a user’s existing apps to show them a large number of ads or steal credit to pay for adverts that have been served.

The malware takes advantage of a few different Android vulnerabilities. Agent Smith works its way onto a device when a user downloads a malicious app posing as a legitimate app, from a third party app store. It first surfaced in a third-party app store called “9Apps”, which primarily targets Indian, Indonesian and Arabic users. As a result, these are the areas where the highest number of infections have been recorded.

This “dropper app” then installs malicious files onto the device, under the guise of a Google Update. Certain targeted apps on the phone, including Whatsapp and Opera, are then patched with malicious advertising modules, replacing the original app with the malicious version.

How do you know if your device has been infected with Agent Smith?

Agent Smith is quite easy to spot: if your regular apps that usually have no ads, or minimal ads, suddenly start displaying lots of them, you may well be affected. A feature of Agent Smith ads is that they are very difficult or impossible to exit.

However, you could have another type of malware, so you should run an antivirus scan to identify exactly what the problem is.

How can you remove Agent Smith from your device?

Removing Agent Smith essentially follows the same process as removing any other malware from an Android device. The first port of call, as mentioned, should be to run an antivirus scan to ensure you are indeed dealing with Agent Smith.

An easy way to try and eliminate the malware is to use a virus removal app, such as Malwarebytes or Bitdefender Antivirus Free.

If this doesn’t work, you may have to do a factory reset. However, this will delete all of your data, so should be a last port of call!


Whilst Agent Smith is a real threat to Android users, there are ways in which you can protect yourself. Being vigilant in terms of identifying differences in your phone’s normal ad behaviour will help you spot a potential Agent Smith infection early on and remove it before it has a chance to steal any more data. Also, being cautious when downloading new apps is crucial to avoiding this kind of malware. If you have recently downloaded a new app then be wary of any Google Update which quickly follows suit, as this could well be part of the Agent Smith infection. General increased awareness of the threat of malware on your device will help protect against Agent Smith and more like it.