Fake anti-virus disguises used by Android malware


The Android malware threat is growing.

As financially motivated cybercriminals realise there's a real opportunity to make money, we are seeing more attacks created and distributed that target Android devices.

And it's no surprise to see similar social engineering tricks that have worked on other operating systems in the past also being used on the Android platform.

Like fake anti-virus, for instance.

As our friends at GFI described earlier this week, criminals spammed out links via Twitter pointing to webpages that contained a rogue app posing as a legitimate virus scanner.

Malicious tweet

SophosLabs researcher Vanja Svajcer investigated the case, and discovered the .ru domains pointed to the same IP address hosted in Ukraine.

When visited, the webpages determine whether it would be more appropriate to serve up a Java ME .jar file (for phones which are "not-so-smart") or an Android .apk.

Depending on the URL you click on and URL parameters, you might be prompted (in Russian) to install fake updates for a variety of products including the Opera browser and Skype.

Fake updates for Android apps

Or you might be presented with a page which prompts you to run a security scan on your phone. Of course, the anti-virus "scan" it initiates is completely fake, and is designed to frighten you into installing an app onto your phone.

Fake anti-virus scan on Android

The look of the fake anti-virus scans can vary. Here's another version, which has adopted a more traditional "Android green" theme:

Fake anti-virus scan on Android

All of this subterfuge is being undertaken, of course, for just one purpose: to trick you into downloading and installing an app onto your Android phone.

In this case, the program pretending to be an anti-virus app has even stolen an icon to trick the unwary into believing it may have been coded by Kaspersky.

Android fake anti-virus app downloaded and installed

If you went ahead and installed the app onto your mobile, it would attempt to send expensive SMS messages to premium rate services, and has the ability to download and install further code from the internet onto your Android smartphone.

Sophos products detect these latest threats as members of the Andr/Boxer family of malware.
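As an added illustration (not code from the original article or from Sophos), the sketch below triages a decoded `AndroidManifest.xml`, such as the text form produced by a decoder like apktool, for the combination described above: an app presenting itself as a security product while asking for the ability to send SMS and to fetch further code. The sample manifest, the package name, the keyword list and the permission heuristics are all assumptions made for the example.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
SECURITY_WORDS = ("antivirus", "anti-virus", "virus", "security", "scanner")

# Constructed sample manifest (hypothetical package), not taken from the real malware.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.scanner">
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
    <application android:label="Anti-Virus Scanner"/>
</manifest>"""


def triage_manifest(manifest_xml):
    """Return the package, its short permission names and any triage findings."""
    # For manifests from untrusted samples, a hardened parser such as defusedxml is safer.
    root = ET.fromstring(manifest_xml)
    perms = {
        el.get(ANDROID + "name", "").rsplit(".", 1)[-1]
        for el in root.iter("uses-permission")
    }
    app = root.find("application")
    # Assumes a literal label; an "@string/..." reference would need resolving first.
    label = (app.get(ANDROID + "label", "") if app is not None else "").lower()

    findings = []
    if "SEND_SMS" in perms:
        findings.append("can send SMS (premium-rate charges possible)")
    # Heuristic assumption: network access plus a way to store or install packages.
    stagers = {"INSTALL_PACKAGES", "REQUEST_INSTALL_PACKAGES", "WRITE_EXTERNAL_STORAGE"}
    if "INTERNET" in perms and perms & stagers:
        findings.append("can download and stage further code")
    if "SEND_SMS" in perms and any(w in label for w in SECURITY_WORDS):
        findings.append("security-themed label but requests SEND_SMS")
    return {"package": root.get("package"), "permissions": sorted(perms), "findings": findings}


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

A finding here is a prompt for closer inspection, not a verdict: legitimate apps also request these permissions.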

Thanks to SophosLabs researcher Vanja Svajcer for his assistance with this article.


One Response to Fake anti-virus disguises used by Android malware

  1. albert · 859 days ago

    hi sophos i have a question is dr. web a reliable anti virus software for android please reply....


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.