The Latest in IT Security

Fake anti-virus disguises used by Android malware

16
May
2012

The Android malware threat is growing.

As financially-motivated cybercriminals realise there’s a real opportunity to make money, so we are seeing more attacks created and distributed which target Android devices.

And it’s no surprise to see similar social engineering tricks that have worked on other operating systems in the past also being used on the Android platform.

Like fake anti-virus, for instance.

As our friends at GFI described earlier this week, criminals spammed out links via Twitter pointing to webpages that contained a rogue app posing as a legitimate virus scanner.

Malicious tweet

SophosLabs researcher Vanja Svajcer investigated the case, and discovered the .ru domains pointed to the same IP address hosted in Ukraine.

When visited, the webpages determine whether it would be more appropriate to serve up a Java ME .jar file (for phones which are “not-so-smart”) or an Android .apk.

Depending on the URL you click on and URL parameters, you might be prompted (in Russian) to install fake updates for a variety of products including the Opera browser and Skype.

Fake updates for Android apps

Or you might be presented with a page which prompts you to run a security scan on your phone. Of course, the anti-virus “scan” it initiates is completely fake, and is designed to frighten you into installing an app onto your phone.

Fake anti-virus scan on Android

The look of the fake anti-virus scans can vary. Here’s another version, which has adopted a more traditional “Android green” theme:

Fake anti-virus scan on Android

All of this subterfuge is being undertaken, of course, for just one purpose: to trick you into downloading and installing an app onto your Android phone.

In this case, the program pretending to be an anti-virus app has even stolen an icon to trick the unwary into believing it may have been coded by Kaspersky.

Android fake anti-virus app downloaded and installed

If you went ahead and installed the app onto your mobile, it would attempt to send expensive SMS messages to premium rate services, and has the ability to download and install further code from the internet onto your Android smartphone.

Sophos products detect these latest threats as members of the Andr/Boxer family of malware.

Leave a reply


Categories

THURSDAY, SEPTEMBER 23, 2021
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments