14 DAY TRIAL // Security researchers from CA warn of a piece of scareware designed for mobile phones which poses as a legitimate antivirus product from a reputed vendor.
Scareware applications are some of the most common types of computer threats seen today. They are also among the most profitable ones for cyber criminals and help fund other illegal activities.
Such programs pose as legitimate applications, usually security products or system optimization tools, and attempt to scare users into believing their computers have serious issues.
In the case of fake AVs, they display security alerts claiming that multiple infections were detected and need to dealt with.
Of course, the removal attempts fail, at which point the programs ask victims to upgrade to their commercial versions to resolve the problem.
This involves paying money for a completely useless licence and exposing their credit card details in the process.
The fake mobile antivirus program spotted by CA researchers masquerades as an anti-malware product from Russian security vendor Kaspersky Lab.
It is similar in behavior to computer scareware. It starts by asking users if they want to check their phones for viruses. Answering yes prompts a progress bar and a message reading "Checking files..."
At the end of the fake scan, the program plays a sound and claims that two infected files called sys.log and sys.ini were detected. Choosing to remove the files prompts a screen claiming that an error was detected.
"This sample is supposedly spread by some social engineering tricks where the users would have been provided with support numbers/email id to contact to resolve these error codes displayed," CA malware researcher Dinesh Venkatesan notes.
The Russian-language messages displayed by the scareware during its operation are indicative of its origin. A recent report from Fortinet suggested that Russia is the biggest source of mobile threats, with 33% of such malware families being created there.