Apps claiming to protect Android users against WannaCry ransomware are popping up on Google Play, but all of them are a bunch of hogwash.
Type “WannaCry” into Google Play, and you’ll come across several apps dedicated to the ransomware family that took the world by storm on 12 May.
WannaCry swept across 150 countries and more than 200,000 organizations by exploiting a security flaw on unpatched Windows machines using attack code developed by the NSA and leaked by the Shadow Brokers. In other words, the ransomware targeted vulnerable versions of Microsoft‘s software. It has definitely not somehow spread to Google’s Android mobile OS as of this writing.
Still, that hasn’t stopped some Android developers from seizing on the fervor to promote fake WannaCry protection apps.
Fernando Ruiz, a security researcher at McAfee, took a look at some of these programs. Many are harmless wallpaper apps. But others (such as one named wannacry.ransomware.protection.antivirus) are a bit more sophisticated. That particular app leverages a warning message to trick users into downloading sponsored programs that in turn display ads.
Ruiz provides more details about WannaCry Ransomware Protection:
“All the ‘features’ offered by WannaCry Ransomware Protection are fake; the only function in this app is a repacked scanner that can detect the presence of a few ad libraries. For that reason and in spite of the preceding warning message, it is clear the developers put little time into this development. We rate the app as Medium Risk (SHA256 hash f9dabc8edee3ce16d5688757ae18e44bafe6de5368a82032a416c8c866686897).”
The app doesn’t have too many bad reviews, either, which further lends to an appearance of legitimacy.
It’s tempting to get swept up in something like the WannaCry attacks and download an app. But that’s exactly what fraudulent developers want you to do. We’ve seen it before with games like Minecraft, Super Mario Run, and Pokémon Go. All these apps capitalized on Android users’ excitement, and all of them downloaded much worse threats than potentially unwanted programs (PUPs).
Acknowledging criminals’ exploitation of events like WannaCry, it’s important that Android users don’t go installing apps for no reason. They’d be better served boosting their mobile security overall by downloading a anti-virus solution onto their devices, downloading apps only from Google’s Play Store, and not doling out superuser rights except to only the most trusted of apps.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.
4 comments on “Yup, the Android app store is full of useless, unwanted anti-WannaCry apps”
And where is Google? One thing is to let in malevolent apps into the Play store by accident, but it seems to me that the Google's oversight in its store is as non-existent as it can be.
I thought WannaCry (WannaCrypt) was something that affected only certain versions of the Windows OS. I was not aware that it was also being used to attack Android.
You're correct. WannaCry only infects Windows computers.
Hence we know that any Android app offering WannaCry protection is useless and unwanted. :)
The article states that these apps on Android are useless because Wannacry only affects Windows. That's pretty much the point of the article.