Yup, the Android app store is full of useless, unwanted anti-WannaCry apps

Let’s hope they don’t morph into something more dangerous…

David bisson
David Bisson
@
@DMBisson

Yup, the Android app store is full of useless, unwanted anti-WannaCry apps

Apps claiming to protect Android users against WannaCry ransomware are popping up on Google Play, but all of them are a bunch of hogwash.

Type “WannaCry” into Google Play, and you’ll come across several apps dedicated to the ransomware family that took the world by storm on 12 May.

Screen shot 2017 05 24 at 8.36.41 am
Screen shot of “WannaCry” Google Play search 24/05/17.

WannaCry swept across 150 countries and more than 200,000 organizations by exploiting a security flaw on unpatched Windows machines using attack code developed by the NSA and leaked by the Shadow Brokers. In other words, the ransomware targeted vulnerable versions of Microsoft‘s software. It has definitely not somehow spread to Google’s Android mobile OS as of this writing.

Sign up to our free newsletter.
Security news, advice, and tips.

Still, that hasn’t stopped some Android developers from seizing on the fervor to promote fake WannaCry protection apps.

Fernando Ruiz, a security researcher at McAfee, took a look at some of these programs. Many are harmless wallpaper apps. But others (such as one named wannacry.ransomware.protection.antivirus) are a bit more sophisticated. That particular app leverages a warning message to trick users into downloading sponsored programs that in turn display ads.

Unnamed

Ruiz provides more details about WannaCry Ransomware Protection:

“All the ‘features’ offered by WannaCry Ransomware Protection are fake; the only function in this app is a repacked scanner that can detect the presence of a few ad libraries. For that reason and in spite of the preceding warning message, it is clear the developers put little time into this development. We rate the app as Medium Risk (SHA256 hash f9dabc8edee3ce16d5688757ae18e44bafe6de5368a82032a416c8c866686897).”

The app doesn’t have too many bad reviews, either, which further lends to an appearance of legitimacy.

Screen shot 2017 05 24 at 8.54.07 am

It’s tempting to get swept up in something like the WannaCry attacks and download an app. But that’s exactly what fraudulent developers want you to do. We’ve seen it before with games like Minecraft, Super Mario Run, and Pokémon Go. All these apps capitalized on Android users’ excitement, and all of them downloaded much worse threats than potentially unwanted programs (PUPs).

Acknowledging criminals’ exploitation of events like WannaCry, it’s important that Android users don’t go installing apps for no reason. They’d be better served boosting their mobile security overall by downloading a anti-virus solution onto their devices, downloading apps only from Google’s Play Store, and not doling out superuser rights except to only the most trusted of apps.


David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

4 comments on “Yup, the Android app store is full of useless, unwanted anti-WannaCry apps”

  1. John

    And where is Google? One thing is to let in malevolent apps into the Play store by accident, but it seems to me that the Google's oversight in its store is as non-existent as it can be.

  2. beachbubba

    I thought WannaCry (WannaCrypt) was something that affected only certain versions of the Windows OS. I was not aware that it was also being used to attack Android.

    1. Graham CluleyGraham Cluley · in reply to beachbubba

      You're correct. WannaCry only infects Windows computers.

      Hence we know that any Android app offering WannaCry protection is useless and unwanted. :)

    2. Chris · in reply to beachbubba

      The article states that these apps on Android are useless because Wannacry only affects Windows. That's pretty much the point of the article.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.