The Latest in IT Security

Fraudsters Use Legit AV Brands to Mask Boxer


SMS scammers targeting Android smartphone users are showing no sign of ceasing. As long as Android has a big chunk of the consumer market, threats targeting this OS will never go away.

So far, we’ve seen bogus mobile Internet browsers, such as a fake Opera Mini (an OpFake malware) and a fake Firefox (a Boxer malware), and we’ve also seen criminals go after mobile gamers by repackaging their app as the official London 2012 Olympics game app.

Randall, one of our malware researchers in the AV Labs, spotted another Russian website, this time claiming to be an Android market for legitimate antivirus apps.

click to enlarge

Zoom in on the left-hand side of the page and see the familiar, legit AV brands that actually have real AV apps for Android.

click to enlarge

Yep, it appears our “app” is up there, too (In case you’re not aware, we just released the nonbeta version of GFI VIPRE Security Premium on Google Play).

Unsurprisingly, the purported VIPRE app served is malware. Another Boxer, to be specific, that we detect as Trojan.AndroidOS.Generic.A. It is also no surprise that the rest of the purported AV apps all have the same sizes (186.4kb) because they’re all just the same variant repackaged and named differently.

Here are some additional details worth noting:

  • SMS message sent to a premium number: “6745+14900162+x+a”
  • Package name:
  • APK name: antivirus_install.apk

Dear Reader, please make sure that when you download apps for your Android phone, you’re downloading it from legitimate and official sites only.
Stay safe!

Jovi Umawing (Thanks to Randall for spotting this)

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments