Android users hit by scareware scam

Summary: Security researchers from Kaspersky Labs have intercepted a scareware variant targeting Android users.


Security researchers from Kaspersky Labs have intercepted a scareware variant targeting Android users, distributed as an Opera Virus Scanner.

According to Kaspersky:

Both web pages claim that the user’s device might be infected and that somebody has access to personal data and then will ask the user to check his or her device for malware. If the user clicks on the button, the web page will emulate device scanning with the following ‘hard-coded’ results.

This web page never ‘finds’ malware on a SIM card but messages, calls, apps, browser history, storage and system files have threats, malware and are remotely accessible.

If the user clicks on the link, they'll be asked to download VirusScanner.apk, which is currently detected as Trojan-SMS.AndroidOS.Scavir. If the user is using a non-Android device, they'll be asked to download VirusScanner.jar currently detected as Trojan-SMS.J2ME.Agent.ij.

Malicious attackers are no strangers to the basics of localization and OS-porting. For instance, in the past we have seen scareware templates localized to Arabic, and DDoS bots ported across multiple operating systems.

The migration of scareware, also known as fake antivirus software, to mobile platforms was a logical development largely anticipated by industry watchers.


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

5 comments
  • RE: Android users hit by scareware scam

    Only works if the user has accept non-market downloads enabled. So most Android phone users are not affected. No-name Fry's, Walgreens tablet users can & will be affected.
    Anthony E
    • RE: Android users hit by scareware scam

      @Anthony E "So most android phone users not affected.."

      Got any proof of this? Come on, any data at all concerning how many users have non market downloads enabled or disabled? Anyone who uses the Amazon App Market for example has non-market downloading enabled.

      Nor does the article specify if the app is on Google's App Market or available solely from a non market source.
      athynz
      • RE: Android users hit by scareware scam

        @Pete "athynz" Athens
        FTA - "Both web pages claim that the user’s device might be infected and that somebody has access to personal data and then will ask the user to check his or her device for malware"

        And correct, Amazon has non-market enabled.
        Phones by default have non-market disabled. So phones, unless the user changed the non-market setting, won't be affected. Amazon and usually no-name tablet makers will direct users to their market instead of Google's.
        Anthony E
      • RE: Android users hit by scareware scam

        @Anthony E I guess it would help if I followed the link in the article... then again I rarely use my Android phone to surf the web - I do have the non market sources enabled as I use the Amazon App market.
        athynz
  • lol Opera Virus Scanner!

    Would have been a better choice to choose the Avast logo. Which btw is available on the market for free.

    Gets me thinking why not review a product like Avast antivirus (for android) which is free, has tonnes of features (including webshield for this type of crap) but instead you write scare tactics to get more hits.. Better to be protected by all not just the few that hit the headlines....

    ZDNet has really lost its touch in the past 2-3 years...
    SonicLogic