Related Links

Top 5 Stories


Fake anti-virus comes to Android – or does it?

18 June 2012

Webroot has reported the arrival of fake anti-virus, one of the most prevalent of PC threats, on the Android mobile platform. Beware of the Android Security Suite Premium – it’s a trojan.

“Back in the day when I was primarily a PC malware fighter,” wrote Webroot's Nathan Collier, “FakeAV was a prevalent threat that was always coming up with new ways to infect users nearly every other day. I knew it was only a matter of time that the same malware authors would turn mobile. I am afraid those days are upon us.”

This particular trojan was first noticed earlier this month, discovered, according to Symantec, on June 5. At the time, less than 50 infections were known to Symantec; and it was classified as being easy to contain and easy to remove. Manual removal instructions are available at

But in strict terms, this is just another trojan rather than a specific fake anti-virus malware. “I am not sure that we should call this a fake AV,” PandaLabs technical director Luis Corrons told Infosecurity. “It is a typical trojan horse that pretends to be a different thing – in this case an anti-virus. Fake AVs pretend to be an anti-virus in their full extent. They have an anti-virus interface; you can even ‘scan’ files or folders (even though everything is fake); and their main purpose is to tell the users they are infected and need to buy a license in order to clean their computer.”

Describing the malware as anti-virus is a social engineering hook rather than a disguise for genuine fake AV. “The recent and sustained increase of malware for the Android platform has done much to raise awareness of the threat to smartphone users,” explained Trend Micro’s director of security research, Rik Ferguson. “Unfortunately, smartphone owners who are simply trying to do the right thing at lowest cost are finding themselves victimized” by what amounts to a scam designed to install spyware.

“This spy,” says Webroot, “which is being called Android.FakeSecSuit, retrieves incoming sms messages, extracts the phone number and message, and then sends the stolen info off.”

But whether this is fake AV or just more spyware, all agree that genuine fake AV is on its way. “This could be a first approach,” Corrons told Infosecurity. “I am pretty sure we will see some [genuine] FakeAV in Android within a  year.” 

“Now that the developers of the popular FakeAV malware have entered into the mobile world expect to to see a lot more variations of this… and if they follow the same pattern as they did in the PC world, I mean A LOT!” adds Webroot.

This article is featured in:
Internet and Network Security  •  Malware and Hardware Security  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×