Agent Smith doesn’t harvest data from infected devices. What it does instead is make other apps display ads, and essentially steal the ad revenue of those and other apps. It looks for known apps on an infected device, and patches its own malicious ad modules into their code. This not only redirects the app’s ad revenue to them, but also prevents the infected apps from being updated.
Oddly enough, the vulnerability that Agent Smith makes use of was patched quite awhile ago. Yet, Agent Smith is still able to propagate due to app developers not updating their apps to keep them protected. Google has removed the malicious apps spreading Agent Smith from the Play Store, but it still spreads wildly though a third party app store called 9Apps. Check Point calls Agent Smith “as malicious as they come”. While this version was made to steal ad revenue, another version could be made to steal private information. It also serves as a reminder to be very careful about getting apps outside of official channels, if you absolutely have to. (Source: Check Point [1], [2], [3] via The Verge)
