Skip to content

Hide Navigation Hide TOC

Agent Smith - S0440 (a6228601-03f6-4949-ae22-c1087627a637)

Agent Smith is mobile malware that generates financial gain by replacing legitimate applications on devices with malicious versions that include fraudulent ads. As of July 2019 Agent Smith had infected around 25 million devices, primarily targeting India though effects had been observed in other Asian countries as well as Saudi Arabia, the United Kingdom, and the United States.(Citation: CheckPoint Agent Smith)

Cluster A Galaxy A Cluster B Galaxy B Level
Compromise Application Executable - T1577 (d3bc5020-f6a2-41c0-8ccb-5e563101b60c) Attack Pattern Agent Smith - S0440 (a6228601-03f6-4949-ae22-c1087627a637) Malware 1
Steganography - T1406.001 (fa801609-ca8e-415e-815e-65f3826ff4df) Attack Pattern Agent Smith - S0440 (a6228601-03f6-4949-ae22-c1087627a637) Malware 1
Software Discovery - T1418 (198ce408-1470-45ee-b47f-7056050d4fc2) Attack Pattern Agent Smith - S0440 (a6228601-03f6-4949-ae22-c1087627a637) Malware 1
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern Agent Smith - S0440 (a6228601-03f6-4949-ae22-c1087627a637) Malware 1
Agent Smith - S0440 (a6228601-03f6-4949-ae22-c1087627a637) Malware Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 1
Exploitation for Privilege Escalation - T1404 (351c0927-2fc1-4a2c-ad84-cbbee7eb8172) Attack Pattern Agent Smith - S0440 (a6228601-03f6-4949-ae22-c1087627a637) Malware 1
Process Discovery - T1424 (1b51f5bc-b97a-498a-8dbd-bc6b1901bf19) Attack Pattern Agent Smith - S0440 (a6228601-03f6-4949-ae22-c1087627a637) Malware 1
File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) Attack Pattern Agent Smith - S0440 (a6228601-03f6-4949-ae22-c1087627a637) Malware 1
Agent Smith - S0440 (a6228601-03f6-4949-ae22-c1087627a637) Malware Generate Traffic from Victim - T1643 (a8e971b8-8dc7-4514-8249-ae95427ec467) Attack Pattern 1
Steganography - T1406.001 (fa801609-ca8e-415e-815e-65f3826ff4df) Attack Pattern Obfuscated Files or Information - T1406 (d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a) Attack Pattern 2
Suppress Application Icon - T1628.001 (f05fc151-aa62-47e3-ae57-2d1b23d64bf6) Attack Pattern Hide Artifacts - T1628 (fc53309d-ebd5-4573-9242-57024ebdad4f) Attack Pattern 2
Masquerading - T1655 (f856eaab-e84a-4265-a8a2-7bf37e5dc2fc) Attack Pattern Match Legitimate Name or Location - T1655.001 (114fed8b-7eed-4136-8b9c-411c5c7fff4b) Attack Pattern 2
Indicator Removal on Host - T1630 (0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d) Attack Pattern File Deletion - T1630.002 (ab7400b7-3476-4776-9545-ef3fa373de63) Attack Pattern 2