{"description": "Mobile techniques used by Agent Smith, ATT&CK software S0440 (v1.0)", "name": "Agent Smith (S0440)", "domain": "mobile-attack", "versions": {"layer": "4.5", "attack": "17", "navigator": "5.1.0"}, "techniques": [{"techniqueID": "T1577", "comment": "[Agent Smith](https://attack.mitre.org/software/S0440) can inject fraudulent ad modules into existing applications on a device.(Citation: CheckPoint Agent Smith)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1404", "comment": "[Agent Smith](https://attack.mitre.org/software/S0440) exploits known OS vulnerabilities, including Janus, to replace legitimate applications with malicious versions.(Citation: CheckPoint Agent Smith)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1643", "comment": "[Agent Smith](https://attack.mitre.org/software/S0440) shows fraudulent ads to generate revenue.(Citation: CheckPoint Agent Smith)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1628", "showSubtechniques": true}, {"techniqueID": "T1628.001", "comment": "[Agent Smith](https://attack.mitre.org/software/S0440) can hide its icon from the application launcher.(Citation: CheckPoint Agent Smith)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1630", "showSubtechniques": true}, {"techniqueID": "T1630.002", "comment": "[Agent Smith](https://attack.mitre.org/software/S0440) deletes infected applications\u2019 update packages when they are detected on the system, preventing updates.(Citation: CheckPoint Agent Smith)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1655", "showSubtechniques": true}, {"techniqueID": "T1655.001", "comment": "[Agent Smith](https://attack.mitre.org/software/S0440) can impersonate any popular application on an infected device, and the core malware disguises itself as a legitimate Google application. [Agent Smith](https://attack.mitre.org/software/S0440)'s dropper is a weaponized legitimate Feng Shui Bundle.(Citation: CheckPoint Agent Smith) ", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1406", "showSubtechniques": true}, {"techniqueID": "T1406.001", "comment": "[Agent Smith](https://attack.mitre.org/software/S0440)\u2019s core malware is disguised as a JPG file, and encrypted with an XOR cipher.(Citation: CheckPoint Agent Smith)", "score": 1, "color": "#66b1ff", "showSubtechniques": true}, {"techniqueID": "T1424", "comment": "[Agent Smith](https://attack.mitre.org/software/S0440) checks if a targeted application is running in user-space prior to infection.(Citation: CheckPoint Agent Smith) ", "score": 1, "color": "#66b1ff", "showSubtechniques": false}, {"techniqueID": "T1418", "comment": "[Agent Smith](https://attack.mitre.org/software/S0440) obtains the device\u2019s application list.(Citation: CheckPoint Agent Smith)", "score": 1, "color": "#66b1ff", "showSubtechniques": false}], "gradient": {"colors": ["#ffffff", "#66b1ff"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Agent Smith", "color": "#66b1ff"}]}