The shady but usually profitable world of fake antivirus software has arrived on mobiles with the discovery of a nameless Russian language app that claims its victims’ smartphones have become infected with malware.
Discovered by CA, and apparently running on Windows Mobile, this example counts as a pretty crude one by established standards of trickery. The malware is naively similar to the sort of anti-malware programs found in the very different Windows desktop environment, and poorly attempts to impersonate security software from Kaspersky Lab.
In fact, the program bears little resemblance to any of Kaspersky Lab’s mobile anti-malware software beyond the crude use of the company’s logo.
As with any fake antivirus software, the program performs a fake malware scan before displaying two error codes that users are supposed to take as evidence of infection. How the criminals behind the attack get money from the scam is not clear but could involve phoning a number or contacting an email address to decode the phantom problems.
One missing piece of information is how victims are coming into contact with the app which would be highly unlikely to go unnoticed on accredited application sites.
The Russian app is trivial and will never threaten non-Russian users but it does indicate a desire by East European gangs to target mobiles with bogus antivirus scams. That could prove difficult but not impossible. CA doesn’t state which platform the app was found on but it appears to be Windows Mobile from the published screenshots, a legacy platform that nevertheless still has a sizable user base.
The fear is that criminals will start impersonating security applications more convincingly, especially those offered free of charge from unofficial app sites on newer platforms. Such impersonation has already started happening with Android gaming applications reverse-engineered in Java.