Fake anti-virus software fraud shifted to Android, to become more popular in 2012

A fake antivirus software fraud that was once targeted to Windows users and Macintosh users is now shifting the target to Android users. At Kaspersky Laboratory, we are alarming that more cybercriminals will target Android in 2012.

Android malware: new traps for users - Securelist

If you have a smartphone you can do almost the same work without having to take out the notebook PC, so we have the same weakness as PC.

In the case of fake anti-virus fraud, when downloading an application to an Android terminal or visiting a website infected with malware, it behaves as if it scans the system, shows a "positive" response, and can delete anti-malware Shows options to purchase virus software.

Famous as an anti-virus software vendorMcAfeeAccording to Malware for mobile terminals mostly target the Android market.

Android malware: new traps for users - Securelist

Mr. Dennis Maslenikov of the Kaspersky Laboratory famous for anti-virus software points out that the online fraud group is targeting Android users using fake virus scanning software and anti-virus software. On the Android Market, Google official apps are also being delivered, but hundreds of "Trojan horseIt is also delivered.

Cyber ​​criminals use their "black" SEOs to display their websites above the results of the search, fake scans of users who came to see the website, "anti-virus software Please install ". We have been diverting this technique, which was previously for PC users, for mobile use now.

As an example, we will create a site designed to mimic popular applications for mobile.

Screen entitled "Opera Mini Virus Scanner".


This is said to be "Android Virus Scanner".


Both of these sites say "The device may be infected with a virus" "Someone may access personal data" "Please check if it is infected with malware" I will come.


At this point, nothing happens yet, but then you can click on "Activate antivirus software" to download the file "VirusScanner.apk". This is a Trojan - SMS.AndroidOS.Scavir. Trojan horse. If it is not Android, you can download a file called "VirusScanner.jar" (Trojan-SMS.J2ME.Agent.ij. Trojan) in the same way.


After installation, the icon "installer" appears on the home screen. This icon itself uses Kaspersky icon.


Here is the setting screen of that fake application. If you want to continue using it, you are told to press the "Continue" button, but if you press it, you will be connected to the paid information service without permission.


These mobile malware technologies are not particularly rare, and in 2012 many more things will come out, Ms. Ms. Renkoff said.

Because Japanese are not very aggressive in introducing foreign language software, there are not many people who mistakenly put such Russian software, but in the same way fake software corresponding to Japanese also continues Because it appears, please do not think "Only you are OK", please be careful.