Beware of Android Defender mobile scareware
Posted on 31.05.2013
Scareware aimed at mobile users is not nearly as ubiquitous as that directed at those who use Windows-run PCs. Nevertheless, there is some out there.

Sophos' Paul Ducklin has analyzed a sample that, naturally, masquerades as a mobile AV solution.

Dubbed Android Defender, the app simulates finding a host of malware on victims' Android devices, then urges them to "Buy and eliminate threats".


Most of the malware names used are actually those of existing threats, so they will definitely sound familiar, which adds to the illusion.

"But it's all smoke and mirrors. You don't have to be a Java coder, or even a programmer at all, to spot in the source code below that the app is using the Math.random() function to build up a list of virus names to report later," says Ducklin. "The malware names are field-updatable, stored in Russian and in English in an XML data file that is part of the malware's APK file."

It's interesting to note that while the app itself is buggy and occasionally crashes or won't allow victims to buy the full version and activate it, it ultimately does confirm the sale and "shows" that the malware has been removed.

It's also interesting to see that its authors have thought about making the app pretend to update malware signatures every day, as well as build into it a "half-hearted" privacy manager tool.

Unfortunately, not only do victims lose their money by buying it, but they are also lulled into a false sense of security.

Ducklin advises users to download and install a legitimate AV solution and to disallow the installation of apps from unknown sources (in Security Settings, uncheck the "Unknown sources" option) to prevent something like this from happening in the first place.

Copyright 1998-2014 by Help Net Security.