Oh wait, that’s not what I wanted!

Denis Konopiský 15 Aug 2012

Oh wait, that’s not what I wanted!

Got a brand new smartphone and want to be protected from all the dangerous malware that’s out there? So you go and get some Android antivirus software. But, what you don’t know is that you just got tricked. And, it’s going to cost you some money. Yes, even if you downloaded if for free.

The latest trend in Android malware is to hide behind something that seems to be legit. Guys at GFI Labs pointed that out, so let’s take a closer look behind the scenes and add some interesting info from the AVAST Virus Lab’s perspective. Imagine yourself as a virus maker. You create an app that will do something evil like steal or delete people’s texts (you’re a nice virus maker), or you want to milk the cow even more and you create an app that’s going to get you some money from the victim by making it silently send text messages to premium-rate phone numbers.

But, how do you spread your evil milking machine among Android users? Just take a look at the apps that are already popular and trusted, like Angry Birds, Opera Browser, or even better, an antivirus app! What can feel safer than installing antivirus on your phone, right? So you take your evil app and make it look, for example, like avast! Mobile Security or any other antivirus suite. Then you make it available for free download, easy to find, placed on a web page that is not guarded like the Play Store, Amazon App Store, or any other genuine Android market. Most of the people only download apps from these genuine stores, but there are always some of them that somehow get tricked or that are just unlucky and run into some fraudulent apps like the one I’m talking about.

Let’s take a closer look at one of the cases. Android:FakeInst-AB

Android FakeAV Website

Here is a webpage () that offers probably all of the most popular antivirus apps for Android, as you can see in the list on the left. You click one of them and get to a description page where you get a download link with the “antivirus” apk package.

When you click through all the antiviruses on the page and download all the packages, they’re all pretty much the exact size. That’s odd, isn’t it? So you take one and install it.

As you can see, it claims it’s avast! but the icon doesn’t look right – it’s not even our logo. The name of the application reads com.software.application which also doesn’t seem like avast!

What the application does is far away from protecting you. You’ll be very surprised by your phone bill. It quietly sends premium-rate SMS messages that will cost you a lot of money without you noticing anytime sooner than after you see the bill.

So, what can you do to protect yourself the right way?

Get your antivirus from genuine websites and don’t look at odd, 3rd-party websites like this one. The best way is to download from Google Play via the Play Store directly from your smartphone. You don’t have to have other antivirus installed on the phone before downloading another just to be sure you won’t get tricked. That’s crazy. Pick your favorite antivirus for your smartphone, go to the vendor’s site, and you can be sure you’ll get the protection you asked for.

If you downloaded this virus with your PC, don’t worry. avast! is detecting this bad guy as Android:FakeInst-AB for half a year now, and since the domain was created on 4/13/2012, you were safe from the start.


Additional information:

Virus filename: avast_1_0_2129_install.apk

SHA256: CEDA286E4DBB288C7C30BBFD1B09A366F075562BE35BAC63A111B566023669F5



Related articles

--> -->