Fake Android Markets
We have seen recently the spread of fake Android official market and website.
The fake android markets usually contain many (if not all of the them) malicious applications which can target the victim in the two places where it hurts the most – namely, money and privacy.
Those are malicious versions of the legitimate applications created by the legitimate developers.
Below you can see an example of fake official Android market (note the icon on the left which is the same as the real Android market found here: https://market.android.com/ )
Fake ‘AVG Mobilation’ Anti-Virus
Below you can see a picture taken from other fake Android market (see ‘Android Market’ text on the top), which contain seem to be legit AVG Anti-Virus free which is the popular Android Anti-Virus in the official Android market.
The information on the seem to be legit Anti-Virus contain images, text , info and explanations from the official Android Market to convince the user that it is the real application and developer.
Here you can see the fake Anti-Virus with other fake popular applications:
One more thing to note – in case you downloaded the fake Anti-Virus application eventually you will not get a fake application of Anti-Virus but other file with malicious activity named ‘FakeInstaller’ but it is not always the case for all the fake Android markets.
Just to show the difference the real AVG Anti-Virus free application can be downloaded from the following link:
https://market.android.com/details?id=com.antivirus
And look like the following in the official Android market:
Technical Analysis of new variant of ‘Virus Scanner’, Fake Anti-Virus malware
This week, the AVG Mobilation research team found a new variant of ‘Virus Scanner’ malware that is found in the wild.
The malware can be downloaded from a Russian website with the ‘Opera Virus Scanner’ text:
Below you can see the manifest file of the variant:
In the permissions list you can see the SEND_SMS permission used to send the SMS to the premium service.
When the Trojan is installed, it will have the ‘AntiVirus’ icon (image was blured in purpose to get confused with an icon of a legitimate Anti-Virus vendor):
And upon opened it will display the following message on the device:
A question is presented to the user if he/she want to see the ‘Rules’ or to ‘Continue’.
In case the user will press ‘Continue’ the virus scanner will be seem to be launched with the following preferences:
– Turn on multi-level protection
– Turn on web site scanning.
– Turn on scanning for malicious applications.
– Turn on scanning for SMS and contacts.
– Turn on installation of application locker.
– Disable remote control of device
– Turn on Wi-Fi protection.
In reality, the malware will send up to 3 SMSs to service premium numbers.
This is written in the ‘Rules’ section as can be seen below:
We can see below hard coded activation code per country so the SMS mechanism can be operation not matter what is the current location of the device:
And here is part of the SMS sending mechanism:
It is good to mention that those are the same methods as seen in PCs.
The malware authors now targeting mobile devices are just transferring their methods and methods to the mobile platforms.
Mitigation (Fake Android Markets)
Always browse to the official Android market and download your application from there.
The official Android market can be found here:
How to remove
AVG Mobilation Anti-Virus Free and Pro products provide protection against this threat.
In order for the protection to be activated, update your Android phone with our latest version.
Keep your device safe with AVG Mobilation Anti-Virus Free and Pro products.
Download now from http://www.avgmobilation.com/products.html
How to avoid getting infected:
When installing new apps to your Android device, always look at the permissions an application requests to approve and make sure the list seems appropriate.
In addition, only download apps from application stores, sites and developers that you trust, and always check the application star rating, developer information and user reviews to make sure you know what you are downloading.
Related articles
- AVG Mobile Threat Update: Week 3 (blogs.avg.com)
Leave a reply
