Fake, malware-laden Android antivirus apps on the rise
Apr 30, 2013
Criminals making fake antivirus apps are now not only targeting users of desktop computers but also of mobile devices running Google’s Android operating system, a security vendor said.
Russia-based Doctor Web said the scheme involves in-app advertising where the ads prompt users them to scan their devices for viruses, then have them download a fake antivirus.
"Ads displayed by Android applications have long been exploited by criminals to spread malware. Being an effective and relatively inexpensive means to reach a wide audience, advertisements are often used in schemes. Ads found by Doctor Web’s analysts this time offer Android users virus scans," it said in a blog post.
It said the fake antivirus is a Trojan belonging to the Android.Fakealert family.
Users who fall for the ads and click are redirected to a website where they can download an "anti-virus" – which is really malware identified as Android.Fakealert.4.origin.
"Once Android.Fakealert.4.origin is installed and launched, it notifies the user that a threat has been detected, but, as to be expected, the user has to buy a full version of the program to neutralize it," Doctor Web said.
Also, it said Android.Fakealert.4.origin can display corresponding messages in the notification panel.
Doctor Web noted Trojans of the family Android.Fakealert have been around since October 2012, posing as fully functional anti-virus apps and pretending to detect threats.
"To get rid of malware that has supposedly been found, the user must pay a certain amount. Users of PCs know this scheme well," it said.
It advised Android users to be more skeptical about ads displayed by apps and to use reliable anti-virus software.
Russia-based Doctor Web said the scheme involves in-app advertising where the ads prompt users them to scan their devices for viruses, then have them download a fake antivirus.
"Ads displayed by Android applications have long been exploited by criminals to spread malware. Being an effective and relatively inexpensive means to reach a wide audience, advertisements are often used in schemes. Ads found by Doctor Web’s analysts this time offer Android users virus scans," it said in a blog post.
It said the fake antivirus is a Trojan belonging to the Android.Fakealert family.
Users who fall for the ads and click are redirected to a website where they can download an "anti-virus" – which is really malware identified as Android.Fakealert.4.origin.
"Once Android.Fakealert.4.origin is installed and launched, it notifies the user that a threat has been detected, but, as to be expected, the user has to buy a full version of the program to neutralize it," Doctor Web said.
Also, it said Android.Fakealert.4.origin can display corresponding messages in the notification panel.
Doctor Web noted Trojans of the family Android.Fakealert have been around since October 2012, posing as fully functional anti-virus apps and pretending to detect threats.
"To get rid of malware that has supposedly been found, the user must pay a certain amount. Users of PCs know this scheme well," it said.
It advised Android users to be more skeptical about ads displayed by apps and to use reliable anti-virus software.