Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fake Antivirus Scams Spread To Android

Posted by timothy on from the spreading-the-joy dept.

SharkLaser writes "Fake antivirus scams have plagued Windows and Mac OS X during the last couple of years. Now it seems like such scams have spread to Android. Fake antivirus scams on Android work the same as they do on PC's — a user with an Android phone downloads an application or visits a website that says that the user's device is infected with malware. It will then show a fake scan of the system and return hard-coded 'positives' and gives the option the option to buy antivirus software that will 'remove' the malware on the affected system. Android, which is based on Linux, has been plagued with malware earlier too. According to McAfee, almost all new mobile malware now targets Android. Android app stores, including the official one from Google, has also been hosting hundreds of trojan applications that send premium rate SMSes on behalf of unsuspecting users."

9 of 236 comments (clear)

  1. Antivirus as a sign of failure by bonch · · Score: 5, Insightful

    I always believed that the day antivirus software becomes a universally accepted requirement the way it is on Windows is the day the platform has failed and missed the whole point of mobile operating systems. The point is to get away from the big mess of the desktop--the constant maintenance, driver updates, antivirus updates, defragmenters, and other utilities. Mobile operating systems are an opportunity to use a computer just to get things done, not to maintain the computer. That's what was so refreshing about the experience of the using the iPad and why it was such a surprise success to everyone including me.

    1. Re:Antivirus as a sign of failure by buchner.johannes · · Score: 5, Insightful

      Which is why sudo is being replaced by a policy-based system (some users may have package install rights, network configure rights etc.).

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
    2. Re:Antivirus as a sign of failure by Anonymous Coward · · Score: 4, Insightful

      Damn, man, if you'd bothered to run Linux/FLOSS all this time, you could have just fscking ignored the whole malware situation entirely, as I've been able to FOR THE LAST TWO DECADES!

      Two decades ago, you had to edit XF86Config just to get your scroll wheel working, and you could fry your monitor if you entered the wrong clock rats. Linux on the desktop has been a disaster up until just a few years ago, and it still has yet to catch up to the big boys. It's a server/embedded OS. There's nothing wrong with that!

      Also, /facepalm at the downmods of the OP.

    3. Re:Antivirus as a sign of failure by Goaway · · Score: 5, Insightful

      Which does absolutely nothing when computers on average have one user.

    4. Re:Antivirus as a sign of failure by stephanruby · · Score: 4, Insightful

      I always believed that the day antivirus software becomes a universally accepted requirement the way it is on Windows...

      That day occurred when Outlook would run malicious scripts by default found in received email messages, that had access to the entire OS/hard drive, without any needed user intervention.

      For Android, I'm not sure that day has arrived yet, the article is derived from the press release of an antivirus company. Of course, it's going to imply that you absolutely need to buy *their* product (instead of using a little bit of street sense).

      Now never mind that Google already has the capability of uninstalling malware from Android that was previously downloaded from their Market (or that you can already download a "Kid Mode" launcher to prevent your kids from installing anything, or just press a button to reset your phone to wipe everything and restore it to its factory settings). Does McAfee think it can act much faster than google in identifying and removing malware? Personally, I doubt that. And never mind that an Android user actually has to locate and tick the checkbox for installing apps from unknown sources (which AT&T doesn't let you do anyway), and then has to accept the permissions to install the application in the first place.

      It's not like on the iPhone/iPad where you just need to go to a web page with some jpeg image on it and then your iDevice is magically rooted, and then the iPhone user is free to install any type of malware he wants (McAfee or no McAfee). That's one of the reasons that the McAfee anti-virus software on iOS is even more useless on iOS than on Android, since it can't run in the background and it can't even be scheduled to run at different times. On iOS, it couldn't prevent you from going to a malicious site even if it wanted to.

    5. Re:Antivirus as a sign of failure by w0mprat · · Score: 4, Insightful

      Before anyone claims iOS is "secure" and free from malware, Chris Miller, a security researcher managed to get a malicious app APPROVED by Apple, then go on to demonstrate it taking over a phone. IMHO Apples process helps but, actually lulls users into a false sense of security, which undoes some of the benefits. Security has always been 90% a user education problem. Apples actually made some of that worse.

      (Nevermind that objective-C is an obscure language and Apple just could feasibly review every single line of code. It's not logistically possible.)

      Android has a pretty sophisticated security model, compared to anything running the desktop space. Actual root never needs to be given up for a huge range of modifications to the system. There's policy based access so users can see and restricted what apps will have access to. Apps also run in their own userid and can be restricted from accessing the users data. Brilliant stuff.

      So if the platform has malware on it, and it's the most secure thing out there in the mainstream... then what is wrong?

      Due to it's popularity Android is a juicy target for the malware ecosystem, and like natural ecosystems, it'll adapt to any hardened defenses if there's nourishment to be had. Google was silly to not fully anticipate this.

      For now there is no actual need for anti-virus anti-malware tools on Android for most users. But as always, the problem is a user education problem.

      --
      After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
  2. Still going on by Pop69 · · Score: 4, Insightful

    The weekly/monthly stories that try to implant into peoples minds.

    Android = Linux = Malware

    Users are stupid whatever OS/Hardware they use, they will click on shit like this just because it pops up and they've never bothered to educate themselves about what it really means.

    1. Re:Still going on by frank_adrian314159 · · Score: 4, Insightful

      ... they will click on shit like this just because it pops up and they've never bothered to educate themselves...

      We have decades of observed behavior showing that users will not "educate themselves". As such, any consumer-facing system that requires users to "educate themselves" is de facto broken and, frankly, poorly designed.

      --
      That is all.
  3. Re:Too open for its own good by macs4all · · Score: 4, Insightful

    Walled Gardens are the TSA Security Theater of the mobile space (coming soon to a PC near you!)

    Not hardly.

    When you talk about the TSA, there are literally hundreds of examples of the TSA not catching "banned items". WIth the iOS App Store, there have been what, one or two completely benign "breaches" in three years?

    Hardly a fair comparison.

    And, when compared with the track record of Android, even in the supposed "official" Android App Store, you would be bat-shit crazy to seriously suggest that Apple's curating of the App Store is "theater".