The Android malware threat is growing.
As financially-motivated cybercriminals realise there’s a real opportunity to make money, so we are seeing more attacks created and distributed which target Android devices.
And it’s no surprise to see similar social engineering tricks that have worked on other operating systems in the past also being used on the Android platform.
Like fake anti-virus, for instance.
As our friends at GFI described earlier this week, criminals spammed out links via Twitter pointing to webpages that contained a rogue app posing as a legitimate virus scanner.
SophosLabs researcher Vanja Svajcer investigated the case, and discovered the .ru domains pointed to the same IP address hosted in Ukraine.
When visited, the webpages determine whether it would be more appropriate to serve up a Java ME .jar file (for phones which are “not-so-smart”) or an Android .apk.
Depending on the URL you click on and URL parameters, you might be prompted (in Russian) to install fake updates for a variety of products including the Opera browser and Skype.
Or you might be presented with a page which prompts you to run a security scan on your phone. Of course, the anti-virus “scan” it initiates is completely fake, and is designed to frighten you into installing an app onto your phone.
The look of the fake anti-virus scans can vary. Here’s another version, which has adopted a more traditional “Android green” theme:
All of this subterfuge is being undertaken, of course, for just one purpose: to trick you into downloading and installing an app onto your Android phone.
In this case, the program pretending to be an anti-virus app has even stolen an icon to trick the unwary into believing it may have been coded by Kaspersky.
If you went ahead and installed the app onto your mobile, it would attempt to send expensive SMS messages to premium rate services, and has the ability to download and install further code from the internet onto your Android smartphone.
Sophos products detect these latest threats as members of the Andr/Boxer family of malware.
Thanks to SophosLabs researcher Vanja Svajcer for his assistance with this article.