ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Android users hit by scareware scam

By | January 9, 2012, 8:29am PST

Summary: Security researchers from Kaspersky Labs have intercepted a scareware variant targeting Android users.

Security researchers from Kaspersky Labs have intercepted a scareware variant targeting Android users, distributed as an Opera Virus Scanner.

According to Kaspersky:

Both web pages claim that the user’s device might be infected and that somebody has access to personal data and then will ask the user to check his or her device for malware. If the user clicks on the button, the web page will emulate device scanning with the following ‘hard-coded’ results.

This web page never ‘finds’ malware on a SIM card but messages, calls, apps, browser history, storage and system files have threats, malware and are remotely accessible.

If the user clicks on the link, they’ll be asked to download VirusScanner.apk, which is currently detected as Trojan-SMS.AndroidOS.Scavir. If the user is using a non-Android device, they’ll be asked to download VirusScanner.jar currently detected as Trojan-SMS.J2ME.Agent.ij.

Malicious attackers are no strangers to the basics of localization and OS-porting. For instance, in the past we have seen scareware templates localized to Arabic, and DDoS bots ported across multiple operating systems.

The migration of scareware also known as fake antivirus software to mobile platforms, was a logical development largely anticipated by industry watchers.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Researcher, Kaspersky Lab, Android User, Security, Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Disclosure

Dancho Danchev

More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile.

Biography

Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile. You can also follow him on Twitter

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
5
Comments
Add Your Opinion

Join the conversation!

Just In

lol Opera Virus Scanner!
SonicLogic Updated - 9th Jan
Would have been a better choice to choose the Avast logo. Which btw is available on the market for free.

Gets me thinking why not review a product like Avast antivirus (for android) which is free, has tonnes of features (including webshield for this type of crap) but instead you write scare tactics to get more hits.. Better to be protected by all not just the few that hit the headlines....
ZDNet has really lost its touch in the past 2-3 years...
View in thread
0 Votes
+ -
RE: Android users hit by scareware scam
Anthony E 9th Jan
Only works if the user has accept non-market downloads enabled.. So most android phone users non affected.. No name fry's, walgreen tablet users can & will be affected.
0 Votes
+ -
RE: Android users hit by scareware scam
Pete "athynz" Athens 9th Jan
@Anthony E So most android phone users non affected..

Got any proof of this? Come on, any data at all concerning how many users have non market downloads enabled or disabled? Anyone who uses the Amazon App Market for example has non-market downloading enabled.

Nor does the article specify if the app is on Google's App Market or available solely from a non market source.
0 Votes
+ -
RE: Android users hit by scareware scam
Anthony E 9th Jan
@Pete "athynz" Athens
FTA - "Both web pages claim that the user???s device might be infected and that somebody has access to personal data and then will ask the user to check his or her device for malware"

And correct amazon has non-market enabled..
Phones by default have non-market disabled. So phones unless the user changed the non-market setting won't be affected.. Amazon and Usually no name tablet makers will direct users to there market instead of googles..
0 Votes
+ -
RE: Android users hit by scareware scam
Pete "athynz" Athens 9th Jan
@Anthony E I guess it would help if I followed the link in the article... then again I rarely use my Android phone to surf the web - I do have the non market sources enabled as I use the Amazon App market.
1 Vote
+ -
lol Opera Virus Scanner!
SonicLogic Updated - 9th Jan
Would have been a better choice to choose the Avast logo. Which btw is available on the market for free.

Gets me thinking why not review a product like Avast antivirus (for android) which is free, has tonnes of features (including webshield for this type of crap) but instead you write scare tactics to get more hits.. Better to be protected by all not just the few that hit the headlines....
ZDNet has really lost its touch in the past 2-3 years...

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix