Sophos experts have taken a close look at how the threat works

May 31, 2013 08:51 GMT

Scareware, the fake antivirus software that helps cybercriminals make a profit by tricking victims into thinking their devices are infected with all sorts of threats, is not uncommon on desktop computers. However, experts have found that crooks are also developing mobile variants.

Sophos experts have recently analyzed a piece of scareware named Android Defender. The bogus application informs victims that their Android smartphones are infected with malware, Trojans and viruses.

According to Sophos’ Paul Ducklin, the fake antivirus app crashes a lot, so he couldn’t determine how much the “activation” – the process that makes it appear as if all the threats have been removed – costs.

However, the developer has implemented some mechanisms to make it look like a legitimate Android security app.

The names of the bogus threats are displayed randomly from a database containing the names of real malware. The app also comes with a privacy manager tool and it even pretends to update its signature database once a day.

To make it look even more genuine, the pattern database's size appears to increase with each update, but in reality the figure comes from nothing more than a Java pseudorandom number generator working behind the scenes.

In case you've installed it, be sure to remove it immediately.
