
First ransomware app targeting Android devices spotted in the wild, Symantec says

The first fake antivirus app intended to victimize Android users has been spotted by Symantec, which says this fake A/V app can also act like ransomware to hold the victim's Android device hostage.

Fake antivirus scams have long been a plague hitting Windows-based PCs to try to fool victims into thinking that there's a virus on the PC that the fake A/V can fix -- typically with some money, of course. Symantec says it's now spotted what it believes to be the first known similar type of ruse aimed at Android users through a fake A/V calling itself Android Defender. Android Defender deliberately misrepresents the status of the Android device and also acts like ransomware to hold the Android device hostage.


Unfortunately, the Android Defender fake antivirus app is a program that the victim would have mistakenly installed.

"Once the malicious app has been installed, user experience varies as the app has compatibility issues with various devices," Symantec said on its official blog today. "However, many users will not have the capability to uninstall the malicious app as the malware will attempt to prevent other apps from being launched. The threat will also change the settings of the operating system. In some cases, users may not even be able to perform a factory data reset on the device and will be forced to do a hard reset which involves performing specific key combinations and/or connecting the device to a computer in order to perform a reset using software provided by the manufacturer."

If they are "lucky," some users may be able to perform a simple uninstall due to the fact that the app may crash when executed because of compatibility issues, Symantec says. "The malicious app is quite buggy right now, but it's clear the group is working on it and it's another indicator that what we've seen on the PC that is effective, we're going to see those attacks eventually on mobile devices," according to Symantec.

Symantec adds: "The apps were found on third-party websites. Some came disguised as a version of Skype that would allow you to make free phone calls, and when you installed it took you to the fake antivirus." That version appears in a video posted on the blog, which shows how a fake A/V can lock up a device.

It's all just growing evidence that malware writers have begun flocking to the Android platform to carry out their evil deeds -- even if open source Android's own issues with fragmented operating systems from Android device manufacturers don't provide malware writers with a wholly uniform platform for malware execution as they might like. The growing Android malware problem is also providing traditional anti-malware vendors, such as Symantec, with a new market for mobile-device anti-malware protections.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email: emessmer@nww.com.
