Watch out for Android Defender mobile Scareware
Scareware meant at mobile users is not nearly as everywhere as that directed at those who use Windows-run PCs. However, there is some out there.
Modified Android Defender, the app simulates finding a host of malware on the user’s Android device, and then claims them to “Buy and eliminate threats”.
Most of the malware names used are actually those of existing threats, so they will certainly sound familiar and they add to the false impression.
“But it’s all smoke and mirrors. You don’t have to be a Java coder, or even a programmer at all, to spot in the source code below that the app is using the Math.random() function to build up a list of virus names to report later,” says Ducklin. “The malware identifiers are field-updatable, stored in Russian and in English in an XML data file that is part of the malware’s APK file.”
It’s attractive to note that while the app itself is buggy and rarely crashes or won’t allow victims to buy the full version and trigger it, it finally does confirm the sale and “shows” that the malware has been removed.
It’s also interesting to see that its authors have thought about making the app pretend to update malware signatures every day, as well as build into it a “half-hearted” privacy manager tool.
Unfortunately, not only do victims lose their money by buying it, but are also lulled into a false sense of security.
Ducklin advises users to download and install a genuine AV solution and to disallow (Security Settings, uncheck the “Unknown sources” option) the installation of apps from unknown sources to prevent something like this from happening in the first place.