4 Replies - 2131 Views - Last Post: 03 February 2015 - 07:34 AM

#1 no2pencil

Scareware App Downloaded Over a Million Times from Google Play

Posted 23 January 2015 - 10:56 AM

“AntiVirus for Android™” was developed by a company named “CTG Network Ltd.”. According to the (now removed) Google Play listing, the app was downloaded and installed between 1 million and 5 million times. Before the removal it had also received 5,162 recommendations and 16,531 reviews that resulted in an average score of 4.0. According to AppBrain, the app was also listed in the top 30 of Top Grossing Apps in the Tools category in the United States, Japan, France and South Korea.

When a user opens the app, it will always report that it has located two or three threats on the device, including the following:
  • Android.Lotoor.C, a popular root exploit program,
  • Android.Metasploit.C, a security penetration testing tool, and
  • Android.Plankton.C, an old Android Trojan.

If the user clicks the “Repair” button, the app will indicate that one of the threats was eliminated and advise the user to upgrade to its full version to remove the remaining threat(s). If the user clicks the “Update to Full Protection” button they will be prompted to subscribe to a service that costs $4.99 (US) per month through In-App Purchase of Google Play.

Through analyzing the app’s code, we discovered multiple indications that this program was not a legitimate Antivirus program, but actually Scareware. First, the initial “threats detection results” are hard-coded in the app, which means the app wasn’t actually detecting them on the phone. The developer even directly named these “infected packages” as “fake.virus” in the source code.

Since the detection result is fake, the subsequent cleaning is not real either – the elimination operation is just marking a flag of “initial_virus_cleared” to “1” in the app’s internal database. The code shows that the “We have eliminated 1 of %d Threat(s)” message is also hard coded.

One interesting difference between this program and other Fake AV apps is “AntiVirus for Android™” will actually provide real antivirus services to paid users. The app integrates a mobile antivirus engine provided by Bitdefender and if users upgrade to the premium version, it will scan apps and the device’s SD card with that engine. This is the main reason we classify the program as Scareware rather than just Fake AV.
It is not clear whether the integrated Bitdefender AV engine is actually licensed to the app’s developer. The engine retrieves code updates and new signature updates from hxxp:// api.androidsantivirus .com /antivirus/android-arm, which is hosted on the app’s official website.

In March of 2014, a Fake AV app named “Virus Shield” was listed for sale at $3.99 and quickly rose to the top position of Google Play’s New Paid Apps list. Virus Shield was downloaded over 30,000 times, far fewer than this latest piece of Scareware, although we do not know how many users actually paid for the $4.99 monthly service before Google removed the app from the store. The fact that AntiVirus for Android™ contains an actual AV engine makes it more difficult for other programs to identify it as Scareware, as this makes the program appear legitimate. While Google has already removed this application from the Play store, we’ll keep monitoring the latest Android apps to make sure WildFire is providing the best protection for our customers.

[ Full Story ]

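
A defender-side triage pass over decompiled sources for the indicators the quoted article lists (hard-coded detection names, the “fake.virus” package label, the fixed cleanup message, the “initial_virus_cleared” flag). This is an added example, not code from the post, the article or the app; the sample sources, file paths and the two-rule threshold are constructed assumptions.

```python
import re

# Indicators from the write-up: results baked into the app, not produced by a scan.
RULES = {
    "hardcoded_detection_name": re.compile(r'"Android\.[A-Za-z]+\.[A-Z]"'),
    "placeholder_infected_pkg": re.compile(r'fake\.virus'),
    "fixed_cleanup_message": re.compile(r'eliminated\s+\d+\s+of\s+%d', re.I),
    "cleanup_is_only_a_flag": re.compile(r'initial_virus_cleared'),
}

# Constructed stand-in for decompiled output; NOT the app's real code.
# Only the quoted strings are taken from the article.
SUSPECT = {
    "com/example/av/ScanActivity.java": '''
        results.add(new Threat("fake.virus", "Android.Lotoor.C"));
        results.add(new Threat("fake.virus", "Android.Plankton.C"));
    ''',
    "com/example/av/CleanTask.java": '''
        values.put("initial_virus_cleared", "1");  // nothing on disk is touched
    ''',
    "res/values/strings.xml": '''
        <string name="cleaned">We have eliminated 1 of %d Threat(s)</string>
    ''',
}
# Constructed benign counterpart: names come from a signature match at run time.
BENIGN = {
    "com/example/scan/Engine.java": '''
        for (Signature s : db.load()) { if (s.matches(apk)) report(s.name()); }
    ''',
}

def triage(sources):
    """Return (findings, verdict); findings are (path, line_no, rule, text)."""
    findings = []
    for path, text in sorted(sources.items()):
        for no, line in enumerate(text.splitlines(), 1):
            for rule, rx in RULES.items():
                if rx.search(line):
                    findings.append((path, no, rule, line.strip()))
    rules_hit = {f[2] for f in findings}
    # One hit can be coincidence; several independent ones warrant manual review.
    verdict = "review: likely scareware" if len(rules_hit) >= 2 else "no indicators"
    return findings, verdict

if __name__ == "__main__":
    for name, src in (("suspect", SUSPECT), ("benign", BENIGN)):
        findings, verdict = triage(src)
        print(name, "->", verdict)
        for path, no, rule, line in findings:
            print(f"  {path}:{no} [{rule}] {line}")
```
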

Replies To: Scareware App Downloaded Over a Million Times from Google Play

#2 modi123_1

Re: Scareware App Downloaded Over a Million Times from Google Play

Posted 23 January 2015 - 10:58 AM

FFS - the stuff, the money I could rake in, I could do if I had less scruples.

#3 no2pencil

Re: Scareware App Downloaded Over a Million Times from Google Play

Posted 23 January 2015 - 11:15 AM

Sell enough of your ethics, & you could even work for Microsoft ;)

#4 modi123_1

Re: Scareware App Downloaded Over a Million Times from Google Play

Posted 23 January 2015 - 11:17 AM

I can easily keep my ethics and work for MS.

#5 depricated

Re: Scareware App Downloaded Over a Million Times from Google Play

Posted 03 February 2015 - 07:34 AM

So you've sold off the important ones then.