FakeAV for Android! There you are!

By Nathan Collier

Every superhero has an arch-nemesis. For a lot of Threat Researchers, including myself, Rogue Security Products, better known as FakeAV, are theirs. Back in the day when I was primarily a PC malware fighter, FakeAV was a prevalent threat that was always coming up with new ways to infect users nearly every other day. I knew it was only a matter of time before the same malware authors would turn to mobile. I am afraid those days are upon us. How could I ever forget such an identifiable logo:

“Android Security Suite Premium”… yeah, right! This spy, which is being called Android.FakeSecSuit, retrieves incoming SMS messages, extracts the phone number and message, and then sends the stolen info off:

As you can see in the GET command from the PCAP, highlighted in blue is the phone number and message I sent to my test phone now being sent off to a site.

Now that the developers of the popular FakeAV malware have entered the mobile world, expect to see a lot more variations of this… and if they follow the same pattern as they did in the PC world, I mean A LOT! We are seeing it in torrents and/or alternative markets. Remember, when downloading Android apps, choose them wisely and download from a trusted source. Check reviews, research the developer and verify permissions requested before downloading. And of course, scan with Webroot SecureAnywhere Mobile.


About the Author

Name: Nathan Collier
Role: Retired ThreatBlog Member

Nathan was a Senior Threat Research Analyst for Webroot, having been with the company since October 2009. He started his career working on PC malware, but now spends most of his time in the mobile landscape researching malware on Android devices. Because of his early adaptation to mobile security, Nathan has seen the exponential growth of mobile malware and is highly experienced in protecting Webroot customers from mobile threats. He also enjoys frequently traveling with his flight attendant wife, Megan, and is a competitive endurance mountain bike racer in Colorado.

