First fake AV app targeting Android users spotted in the wild

Symantec says this fake antivirus app can also act like ransomware to hold the victim's Android device hostage

The first fake antivirus app intended to victimize Android users has been spotted by Symantec, which says this fake A/V app can also act like ransomware to hold the victim's Android device hostage.

Fake antivirus scams have long been a plague hitting Windows-based PCs to try to fool victims into thinking that there's a virus on the PC that the fake A/V can fix -- typically with some money, of course. Symantec says it's now spotted what it believes to be the first known similar type of ruse aimed at Android users through a fake A/V calling itself Android Defender. Android Defender deliberately misrepresents the status of the Android device and also acts like ransomware to hold the Android device hostage.

[ Discover what's new in business applications with InfoWorld's Technology: Applications newsletter. | Get the latest insight on the tech news that matters from InfoWorld's Tech Watch blog. ]

[ RELATED:FBI/IC3 says online mug shot 'extortion' a growing problem
MORE:Ransomware leverages victims browser histories for increased credibility]

Unfortunately, the Android Defender fake antivirus app is a program that the victim would have mistakenly installed.

"Once the malicious app has been installed, user experience varies as the app has compatibility issues with various devices," Symantec said on its official blog today. "However, many users will not have the capability to uninstall the malicious app as the malware will attempt to prevent other apps from being launched. The threat will also change the settings of the operating system. In some cases, users may not even be able to perform a factory data reset on the device and will be forced to do a hard rest which involves performing specific key combinations and/or connecting the device to a computer in order to perform a rest using software provided by the manufacturer."

If they are "lucky," some users may be able to perform a simple uninstall due to the fact that the app may crash when executed because of compatibility issues, Symantec says. "The malicious app is quite buggy right now, but it's clear the group is working on it and it's another indicator that what we've seen on the PC that is effective, we're going to see those attacks eventually on mobile devices," according to Symantec.

Symantec adds: "The apps were found on third-party websites. Some came disguised as a version of Skype that would allow you to make free phone calls, and when you installed it took you to the fake antivirus." That version was described in a video posted in the blog, describing how a fake A/V can lock up a device.

It's all just growing evidence that malware writers have begun flocking to the Android platform to carry out their evil deeds -- even if open source Android's own issues with fragmented operating systems from Android device manufacturers don't provide malware writers with a wholly uniform platform for malware execution as they might like. The growing Android malware problem is also providing traditional anti-malware vendors, such as Symantec, with a new market for mobile-device anti-malware protections.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email:

Read more about wide area network in Network World's Wide Area Network section.

This story, "First fake AV app targeting Android users spotted in the wild" was originally published by Network World.

Copyright © 2013 IDG Communications, Inc.

How to choose a low-code development platform