“Back in the day when I was primarily a PC malware fighter,” wrote Webroot's Nathan Collier, “FakeAV was a prevalent threat that was always coming up with new ways to infect users nearly every other day. I knew it was only a matter of time that the same malware authors would turn mobile. I am afraid those days are upon us.”
This particular trojan was first noticed earlier this month; according to Symantec, it was discovered on June 5. At the time, fewer than 50 infections were known to Symantec, and it was classified as easy to contain and easy to remove. Manual removal instructions are available at precisesecurity.com.
But in strict terms, this is just another trojan rather than a specific fake anti-virus malware. “I am not sure that we should call this a fake AV,” PandaLabs technical director Luis Corrons told Infosecurity. “It is a typical trojan horse that pretends to be a different thing – in this case an anti-virus. Fake AVs pretend to be an anti-virus in their full extent. They have an anti-virus interface; you can even ‘scan’ files or folders (even though everything is fake); and their main purpose is to tell the users they are infected and need to buy a license in order to clean their computer.”
Describing the malware as anti-virus is a social engineering hook rather than a disguise for genuine fake AV. “The recent and sustained increase of malware for the Android platform has done much to raise awareness of the threat to smartphone users,” explained Trend Micro’s director of security research, Rik Ferguson. “Unfortunately, smartphone owners who are simply trying to do the right thing at lowest cost are finding themselves victimized” by what amounts to a scam designed to install spyware.
“This spy,” says Webroot, “which is being called Android.FakeSecSuit, retrieves incoming SMS messages, extracts the phone number and message, and then sends the stolen info off.”
But whether this is fake AV or just more spyware, all agree that genuine fake AV is on its way. “This could be a first approach,” Corrons told Infosecurity. “I am pretty sure we will see some [genuine] FakeAV in Android within a year.”
“Now that the developers of the popular FakeAV malware have entered into the mobile world, expect to see a lot more variations of this… and if they follow the same pattern as they did in the PC world, I mean A LOT!” adds Webroot.