Agent Smith is mobile malware that generates financial gain by replacing legitimate applications on devices with malicious versions that include fraudulent ads. As of July 2019 Agent Smith had infected around 25 million devices, primarily targeting India though effects had been observed in other Asian countries as well as Saudi Arabia, the United Kingdom, and the United States.
|Mobile||T1577||Compromise Application Executable|
|Mobile||T1447||Delete Device Data|
|Mobile||T1476||Deliver Malicious App via Other Means|
|Mobile||T1404||Exploit OS Vulnerability|
|Mobile||T1472||Generate Fraudulent Advertising Revenue|
|Mobile||T1444||Masquerade as Legitimate Application||
Agent Smith can impersonate any popular application on an infected device, and the core malware disguises itself as a legitimate Google application. Agent Smith's dropper is a weaponized legitimate Feng Shui Bundle.
|Mobile||T1406||Obfuscated Files or Information|
|Mobile||T1508||Suppress Application Icon|