A new fake antivirus suite has popped up this time targeting users of mobile operating systems like Android rather than traditional PC based OS's.
Late last week Kaspersky Lab researcher Denis Maslennikov posted details of the new threat on the Kapersky labs Securelist blog. As with traditional variants the new "scareware" or "ransomware" utilizes a replica of legitimate anti malware software to trick users into installing malicious programs that then steal private user information or encrypts hard drives and extorts money from the owner to decrypt the data.
Maslennikov says that cybercriminals are using black SEO for redirecting users to web pages which emulate AV scanning. All a user has to do is a basic Web search for some of the more popular mobile applications, such as the mobile version of the opera Web browser. The users are the redirected to scam Web sites offering "free" virus scans of mobile devices, including Android.
The website then proceeds with a fake scan of the device returning a false "positive" result. In turn encouraging the mobile device user to "activate" security protections on their device by clicking on a link in the scan results. Clicking that link downloads and installs a malicious application that Kaspersky detects as Trojan-SMS.AndroidOS.Scavir for Android. In the case of a non-Android device the user will be asked to download ‘VirusScanner.jar’: a file which is detected by us as Trojan-SMS.J2ME.Agent.ij.
When the application executes , the user is asked to press the ‘Continue’ button if he wants to launch VirusScanner with some options like ‘Turn on multi-level protection’, ‘Disable remote control of a device’ or ‘Turn on web site scanning’. But in fact after pressing ‘Continue’ this app will send SMS messages to expensive premium rate numbers.