Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

October 23rd, 2013

No pleasure from this adult app – only pain

A few weeks ago, I discovered and Julia warned you about a fake AVAST application which was infecting smartphones. It was hidden behind adult apps and was pretty nasty. Here is some detailed information about it.

First of all, if you look for adult applications (also known as pleasure applications J ), you can find tons of them.  Some apps, especially those offered on unofficial markets, are infected by malware;  in the case of the fake AVAST app, it was ransomware. The same scenario commonly plays out – after installation when you play the application for the first time, you get infected and blocked from using your phone.  The app asks for money to unblock you phone. That’s typical ransomware behavior.

The clues are easy to spot

You are looking for a adult application and run across something called AVASTME.NOW.  What the hell is going on here, you might think? The fact that an adult app is named after the world’s most trusted antivirus might be your first clue that something is wrong. But you install the app, even though it’s a pretty weird name for an app designed for adults. Luckily, after the installation you get an icon on your device called Porn Hub, so you start to feel satisfied you actually got what you were looking for. So let’s play it!

icon

But this satisfied feeling does not stay forever. After the first few clicks, the application announces your phone must be checked for viruses. That‘s the second big clue that something might be wrong. Normal applications do not check your phone for viruses.  But you don‘t have any choice, so you continue. That’s when you see a fake avast! Mobile Security interface which is almost identical to the original.

install 3

fakeAvast4install2

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Here comes a third clue for sharp-eyed users: All the detections you see on the screen use a different format than AVAST. But it‘s already too late to stop the app. In the next step, you are asked to pay $100 to clean up your phone.  And your device is locked.

fakeAvast5fakeAvast7

Sloppy, but effective

This ransomware is easily packed, and it’s apparent that the creators tried to do it as quickly as possible. Strings of detections don‘t have any kind of background, and it appears that it used randomly generated names from multiple antiviruses, as you see in the screenshot  below. They were even too lazy to clean up unnecessary icons from the package, so you can find a picture of a cat in it (maybe it‘s the unhappy cat of some of the creators? :)) Even though the app was sloppily done, the cybercrooks were successful and earned/stole large sums of money.

kocka11

This is just one example of the many applications out there waiting to steal money from you. It doesn’t have to be for adults only; basically any application might be misused against you. That‘s why everyone should be a careful and download applications only from trusted sources.  Because malware like this is increasing, it especially prudent to use some kind of antivirus protection.  We suggest (the authentic) avast! Mobile Security, available from the Google Play store. It’s free! You never know when you will get something like this, so install it today on your Android device.

SHA:
0768724FFD5B78F1F510E5C5C87181534E61A35D04BFCD29946D9DBB305BF275
F9D4CE9174F1A57C3D335E467A5079BF3CA87F00EB6B996B8EAF21E0D6F54BDD

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+.

 

Categories: Android corner, Uncategorized, Virus Lab Tags:
  1. djngal
    October 23rd, 2013 at 18:06 | #1

    First of all, thanks for the info.
    If a phone does get infected after all, is there a way to disinfect it without doing a hard-reset?
    Can someone reboot to safe mode and then uninstall this app?

    • October 23rd, 2013 at 18:58 | #2

      Yes, luckily there is a way. As you mentioned boot up your phone in safe mode and uninstall this application. I didn’t try it with this one particular but generally it should work with “low level” malware. But think is – is it worth a trouble? Its better to have a some kind of prevention.:)

Comments are closed.