Fake antivirus for mobile platform spotted

Summary: Security researchers from CA have spotted a bogus mobile antivirus scanner using the Kaspersky brand.

TOPICS: Security, Mobility

Security researchers from CA have spotted a bogus mobile antivirus scanner using the Kaspersky brand. Spreading through social engineering, and relying on hardcoded results, the rogueware attempts to trick users into thinking they're malware-infected.

What about the monetization vector? SMS-based micropayments would have been the logical choice; however, the hardcoded error message indicates an early-stage experiment on the part of the attackers.

What do you think? Are we going to see a tremendous growth of scareware on mobile platforms, the way we're currently witnessing it on the Windows OS?



Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

  • RE: Fake antivirus for mobile platform spotted

    Does any mobile device have a "C:\" drive?

    Maybe it's targeted at Windows Phone 7 because of marketshare? NOT!
    • but then that destroys the myth that iOS and Android are bulletproof

      @Return_of_the_jedi

      Thanks for the confirmation on that. I'd be really worried now if I owned a phone with one of those OS's on it, since you don't target what you can't hack.
      John Zern
      • RE: Fake antivirus for mobile platform spotted

        @John Zern Everything can be hacked. You can't be that naive, can you?
        Bill F.
      • RE: Fake antivirus for mobile platform spotted

        @John Zern If you can get access to the supervisor/kernel, and know your way around the file system (whether it uses a drive letter as above, or a volume name), then you can 'hack' something.

        That said, malware that tells you the device's C: drive is infected, when the device has no C: drive, would only catch the gullible.
      • RE: Fake antivirus for mobile platform spotted

        @John Zern

        The majority of people that have an Android or iDevice use Windows. Through that it can be a reasonable conclusion to the average joe that all computing devices are the same and operate the same. Therefore, all computers have a "C:" drive. Remember, not everyone is a tech-savvy user.
      • RE: Fake antivirus for mobile platform spotted

        @John Zern I think it's not so widely infected and a forgettable virus.
    • RE: Fake antivirus for mobile platform spotted

      @Return_of_the_jedi

      You can't be that iNaive, can you?

      Windows Phone doesn't have a C:\ drive.
      It doesn't matter anyway because it's just a message and has nothing to do with the file system.
      • RE: Fake antivirus for mobile platform spotted

        @mikroland ... This type of thing could easily trap the non-IT individuals who wouldn't know the first thing about whether their phone has a C drive or not.
      • if a user installed the malware means it succeeded.

        From what I understand, this app is disguised as legitimate antimalware software available directly from Google Play, the official outlet for Android apps. That message could be a sleight of hand trick to install keyloggers or other types of malicious attack tools while fooling the n00bs and experts alike.

        Just to see how many users can be reached by a potential attack is almost just as valuable to people that want to steal identities. It's like fishing (the real fishing, not phishing): eventually you will get a bite.
    • RE: Fake antivirus for mobile platform spotted

      @Return_of_the_jedi Symbian-based phones, if I remember correctly, do. Or at least Java swears they do.
    • RE: Fake antivirus for mobile platform spotted

      C:\ drive may not be available... But consider this.

      That emulator is Sun's J2ME emulator.
      If you write a J2ME app and point to C:\, most of the time J2ME points this to the root of the phone's built-in memory (E:\ points to the SD card, etc.). This works on Symbian OS very well.

      Windows Phone 7 doesn't allow direct access to storage. All apps see an isolated folder and cannot write or read data from storage. If you need to load a media file, you have to go through the media API and use the Music + Videos Hub.
      Unless you jailbreak the phone, apps are not allowed access to the storage (which sometimes is a pain in the butt). So you don't have to worry about WP7.

      We should always look at what we allow an application to do when we install it. Most platforms show what permissions the app requires before installing it.
      Madushan Siriwardena
    • RE: Fake antivirus for mobile platform spotted

      @Return_of_the_jedi Yes, there are.

      Nokia's Symbian devices. My N97 has a C:\ drive, a D:\ drive, and the MicroSD card is mapped as an E:\ drive.

      Given that Symbian's roots are traced back to Psion, who tried very hard to copy MS-DOS to make their devices accessible to suits who're used to PCs, tho, it's hardly surprising.

      This is doubly funny when you realize that Nokia's ditching the Symbian platform soon.
    • RE: Fake antivirus for mobile platform spotted

      Recently was infected with a similar virus on my desktop; it appears to have infected Malwarebytes, so I could not operate it to remove the problem.
  • too funny

    No, well my wm6.1 uses nothing like that above: c:\
    - but hey, it could have changed for that wm6.5 & later.
    T Mike
  • Number of Socially-engineered Mobile Malware Will Skyrocket

    I believe we are going to see an explosion of socially-engineered mobile malware in the remainder of 2011/2012. There is now more than enough critical mass in both the iPhone and Android markets to justify the effort required to create this malware and the thieves sense an opening, left by both the hyper-social nature of mobile computing as well as the general lack of a perceived threat.
    John Westra
  • I wondered when......

    I work in computing, and I frankly did wonder how long it would be before the evilware coders started attacking the mobile platforms. After all, there are so many billion of them in the world.....it's a huge untapped scam opportunity. Or was.
  • Thank you Microsoft.

    For more disruption due to your incompetent products.
    • Re: Thank you Microsoft

      @james347 How can you blame this on Microsoft? Did they create or distribute this virus? They didn't even create the emulator that it is displayed on.
      • Why blame Microsoft for anything? Right?

        @coopejx@... After all, they just get their money and run. They can always get Ed to write another article dismissing Microsoft's culpability. If you know anything about Quality Assurance, you know that MS is the pits. They don't accept responsibility or ownership for anything, even their own OS. After all, Anti-Virus companies and users are responsible for MS defects. Amazing dichotomy at work here, and most surprising is the number of people that go along with it. Wait till the botnets start pounding WP7 for some real gnashing of teeth.

        It is very interesting to see the results of MS propaganda here in these comments. Actually very scary to see how much people can be manipulated.

        MS is viewed as the innocent victim. Where did that come from?
    • RE: Fake antivirus for mobile platform spotted

      @james347 Did you thank Nissan when your Stanza was stolen? What about the US Mint when your jar of pennies was taken off your desk?

      You might be better off if you just quit your bellying and grow up.