Slashdot Mirror


Fake Antivirus Scams Spread To Android

SharkLaser writes "Fake antivirus scams have plagued Windows and Mac OS X during the last couple of years. Now it seems like such scams have spread to Android. Fake antivirus scams on Android work the same as they do on PCs — a user with an Android phone downloads an application or visits a website that says that the user's device is infected with malware. It will then show a fake scan of the system, return hard-coded 'positives' and give the option to buy antivirus software that will 'remove' the malware on the affected system. Android, which is based on Linux, has been plagued with malware earlier too. According to McAfee, almost all new mobile malware now targets Android. Android app stores, including the official one from Google, have also been hosting hundreds of trojan applications that send premium rate SMSes on behalf of unsuspecting users."


  1. Antivirus as a sign of failure by bonch · · Score: 5, Insightful

    I always believed that the day antivirus software becomes a universally accepted requirement the way it is on Windows is the day the platform has failed and missed the whole point of mobile operating systems. The point is to get away from the big mess of the desktop--the constant maintenance, driver updates, antivirus updates, defragmenters, and other utilities. Mobile operating systems are an opportunity to use a computer just to get things done, not to maintain the computer. That's what was so refreshing about the experience of using the iPad and why it was such a surprise success to everyone including me.

    1. Re:Antivirus as a sign of failure by 0100010001010011 · · Score: 4, Informative

      Damn, man, if you'd bothered to run Linux/FLOSS all this time, you could have just fscking ignored the whole malware situation entirely.

      You mean like Android? No matter what the adoption rate of Linux or even OpenBSD, you're still going to have dumb users. When you need 'sudo' to install a new app, that same command can be used to install anything.

    2. Re:Antivirus as a sign of failure by buchner.johannes · · Score: 5, Insightful

      Which is why sudo is being replaced by a policy-based system (some users may have package install rights, network configure rights etc.).

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.

    3. Re:Antivirus as a sign of failure by chrb · · Score: 3, Informative

      When you need 'sudo' to install a new app.

      You don't. There have been GUI application installers on Linux for over a decade.

    4. Re:Antivirus as a sign of failure by Overly+Critical+Guy · · Score: 5, Funny

      "Apple iBaulbes"...check.
      "fscking"...check.
      "Linux/FLOSS"...check.
      "Jeebus"...check.
      Ayn Rand quote in sig...check.

      Are you some kind of Linux stereotype character actor?

      --
      "Sufferin' succotash."

    5. Re:Antivirus as a sign of failure by Anonymous Coward · · Score: 4, Insightful

      Damn, man, if you'd bothered to run Linux/FLOSS all this time, you could have just fscking ignored the whole malware situation entirely, as I've been able to FOR THE LAST TWO DECADES!

      Two decades ago, you had to edit XF86Config just to get your scroll wheel working, and you could fry your monitor if you entered the wrong clock rates. Linux on the desktop has been a disaster up until just a few years ago, and it still has yet to catch up to the big boys. It's a server/embedded OS. There's nothing wrong with that!

      Also, /facepalm at the downmods of the OP.

    6. Re:Antivirus as a sign of failure by Goaway · · Score: 5, Insightful

      Which does absolutely nothing when computers on average have one user.

    7. Re:Antivirus as a sign of failure by 0100010001010011 · · Score: 3, Insightful

      Yes. Why didn't Android devs put full thought into having ACLs and such? I think something like Solaris's pfexec! Perfect. I mean the average Android phone has probably what, 100, 1,000, 10,000 concurrent users?

    8. Re:Antivirus as a sign of failure by stephanruby · · Score: 4, Insightful

      I always believed that the day antivirus software becomes a universally accepted requirement the way it is on Windows...

      That day occurred when Outlook would run malicious scripts by default found in received email messages, that had access to the entire OS/hard drive, without any needed user intervention.

      For Android, I'm not sure that day has arrived yet, the article is derived from the press release of an antivirus company. Of course, it's going to imply that you absolutely need to buy *their* product (instead of using a little bit of street sense).

      Now never mind that Google already has the capability of uninstalling malware from Android that was previously downloaded from their Market (or that you can already download a "Kid Mode" launcher to prevent your kids from installing anything, or just press a button to reset your phone to wipe everything and restore it to its factory settings). Does McAfee think it can act much faster than Google in identifying and removing malware? Personally, I doubt that. And never mind that an Android user actually has to locate and tick the checkbox for installing apps from unknown sources (which AT&T doesn't let you do anyway), and then has to accept the permissions to install the application in the first place.

      It's not like on the iPhone/iPad where you just need to go to a web page with some jpeg image on it and then your iDevice is magically rooted, and then the iPhone user is free to install any type of malware he wants (McAfee or no McAfee). That's one of the reasons that the McAfee anti-virus software on iOS is even more useless on iOS than on Android, since it can't run in the background and it can't even be scheduled to run at different times. On iOS, it couldn't prevent you from going to a malicious site even if it wanted to.

    9. Re:Antivirus as a sign of failure by w0mprat · · Score: 4, Insightful

      Before anyone claims iOS is "secure" and free from malware, Chris Miller, a security researcher, managed to get a malicious app APPROVED by Apple, then go on to demonstrate it taking over a phone. IMHO Apple's process helps, but actually lulls users into a false sense of security, which undoes some of the benefits. Security has always been 90% a user education problem. Apple's actually made some of that worse.

      (Never mind that Objective-C is an obscure language and Apple just could feasibly review every single line of code. It's not logistically possible.)

      Android has a pretty sophisticated security model, compared to anything running in the desktop space. Actual root never needs to be given up for a huge range of modifications to the system. There's policy-based access so users can see and restrict what apps will have access to. Apps also run in their own userid and can be restricted from accessing the user's data. Brilliant stuff.

      So if the platform has malware on it, and it's the most secure thing out there in the mainstream... then what is wrong?

      Due to its popularity Android is a juicy target for the malware ecosystem, and like natural ecosystems, it'll adapt to any hardened defenses if there's nourishment to be had. Google was silly to not fully anticipate this.

      For now there is no actual need for anti-virus anti-malware tools on Android for most users. But as always, the problem is a user education problem.

      --
      After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.

  2. Walled gardens.. by wbr1 · · Score: 4, Interesting

    I hate a fucking walled garden as much as the next guy, but this type of shit is why users will stay with one. Not that a walled garden can't be hijacked, hacked, or otherwise messed with, but by and large it is a cleaner place to be. It is a win-win, both for users who can't, won't, or are too dumb to be bothered with learning a little software/hardware safety, and with corporations who thrive on control and stifling competition.

    --
    Silence is a state of mime.

    1. Re:Walled gardens.. by buchner.johannes · · Score: 3, Insightful

      I hate a fucking walled garden as much as the next guy, but this type of shit is why users will stay with one. Not that a walled garden can't be hijacked, hacked, or otherwise messed with, but by and large it is a cleaner place to be. It is a win-win, both for users who can't, won't, or are too dumb to be bothered with learning a little software/hardware safety, and with corporations who thrive on control and stifling competition.

      You can have a "walled garden" for users (some Android companies have their Appstores), yet still allow people to leave at their own risk. It's not mutually exclusive.
      For instance you can install packages from repos in Linux, yet you can also download and install source packages with { ./configure && make && make install; } if you don't mind the risk of screwing up your system. There is no need to lock out users from their phones.

      Maybe you didn't mean "walled gardens" but cared-for repos anyway.

      --
      NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.

    2. Re:Walled gardens.. by macs4all · · Score: 3, Insightful

      You aren't putting your data at risk, unless you are sharing your android phone with some idiot. The user that is smart enough to download from sources he trusts, check the reviews, watch for unnecessary permissions etc... is not at risk from these scams.

      So, I can either just click a link on the iOS App Store and KNOW all that stuff has already been done for me, or waste two hours scouring the internet just to figure out whether some stupid egg timer app is going to sell my soul to the Ukraine, right?

      I don't know about you; but my time is worth a lot more than that.

      The curated collection approach is not perfect; but it sure seems to work out quite well in the real world, where the rest of us live...

      Which I believe anyone who is not completely delusional would agree has not been the case so much for the Android "Wild West" approach. Note, for example, that Apple has never had to exercise its "Kill Switch" option for an App already in the Wild; whereas Google has had to do so on several occasions.

    3. Re:Walled gardens.. by shellbeach · · Score: 4, Informative

      So how does one know? All of this pontificating about dumb or lazy users doesn't really help. How do I distinguish a download of Uno, for example, that has embedded malware from one that doesn't?

      One word: permissions. When you install an app on Android, you will be prompted with the permissions the app is requesting, and asked if you want to install it. You, the user, have a very good breakdown of exactly what an app can do before it gets installed. And for sending SMSes, it's extremely clear -- the permission is described first as "Services that cost you money" and will then list that it can send SMS messages. It should be obvious that Uno has no need to be sending SMSes on your behalf.

      So anyone who gets burnt by these schemes would have to (a) search for a dodgy "free" version of a popular paid app and (b) install it even when there was a warning that it was going to potentially send costly SMSes. I know there are suckers born every minute, but you'd have to be a really, really cheap and stupid one to get hit by this.

      Of course, potentially Google should have predicted this and included an "Allow always/allow once/reject" prompt the first time a third-party app attempts to make a phone call or send an SMS. It's probably not a bad idea ...
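
The install-time permission check described in the comment above, as an added example that is not part of the original thread: a Python script that reads an AndroidManifest.xml already decoded to text XML and reports cost-incurring permissions the app's purpose does not explain. The category policy table and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# SEND_SMS is the permission the comment describes; CALL_PHONE is included
# because the comment's last paragraph also mentions phone calls.
COST_MONEY = {
    "android.permission.SEND_SMS": "send SMS messages",
    "android.permission.CALL_PHONE": "directly call phone numbers",
}

# Hypothetical reviewer policy (an assumption of this example): the
# cost-incurring permissions each kind of app plausibly needs.
EXPECTED = {
    "game": set(),
    "messaging": {"android.permission.SEND_SMS"},
}

def requested_permissions(manifest_xml):
    """Return (package, permission names) from a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest":
        raise ValueError("not an AndroidManifest.xml document")
    perms = set()
    for elem in root:
        if elem.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = elem.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return root.get("package", "?"), perms

def unexpected_cost_permissions(manifest_xml, category):
    """List cost-incurring permissions the category does not explain."""
    package, perms = requested_permissions(manifest_xml)
    allowed = EXPECTED.get(category, set())  # unknown category: allow none
    return [f"{package}: can {COST_MONEY[p]} ({p})"
            for p in sorted(perms)
            if p in COST_MONEY and p not in allowed]

# Constructed sample: a card game that also asks to send SMS.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cardgame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

if __name__ == "__main__":
    print(unexpected_cost_permissions(SAMPLE, "game"))
```
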

    4. Re:Walled gardens.. by chrb · · Score: 5, Informative

      the iOS App Store and KNOW all that stuff has already been done for me

      "Malicious app penetrates iTunes store to test security": Miller's malware was on the Apple app store for over 2 months, so clearly the Apple store is vulnerable to the same sort of shenanigans as the Android market.

      Apple has never had to exercise its "Kill Switch" option for an App already in the Wild

      From the BBC article: "Apple declined to comment. It also removed the app and barred the developer from its store."

  3. Still going on by Pop69 · · Score: 4, Insightful

    The weekly/monthly stories that try to implant into people's minds.

    Android = Linux = Malware

    Users are stupid whatever OS/Hardware they use, they will click on shit like this just because it pops up and they've never bothered to educate themselves about what it really means.

    1. Re:Still going on by gstrickler · · Score: 3, Insightful

      And that's why "walled gardens" are safer for the vast majority of users.

      --
      make imaginary.friends COUNT=100 VISIBLE=false

    2. Re:Still going on by frank_adrian314159 · · Score: 4, Insightful

      ... they will click on shit like this just because it pops up and they've never bothered to educate themselves...

      We have decades of observed behavior showing that users will not "educate themselves". As such, any consumer-facing system that requires users to "educate themselves" is de facto broken and, frankly, poorly designed.

      --
      That is all.

  4. Re:Couple of years? by stephanruby · · Score: 5, Informative

    McAfee should know, it's one of them too.

    Their free trial virus scanner does the same thing, it's just slightly more subtle about it. I appreciate the fact that it helps clean up cookies, and I hate ad-network cookies as much as the next guy, but labeling each ad-network cookie as a separate infection is only designed to oversell what it does, and alarm non-technical users into ponying up more money for their over-priced software.

    And eventually, their software behaves just like most malware anyway. It nags you every year for you to pay to resubscribe. It continually runs in the background slowing down your computer in everything it tries to do. And it ends up stealing a good portion of screen real estate away from a non-sophisticated user, who usually doesn't know how to remove it from his/her internet browser.

    Not to mention that on a mobile device, it will also suck the battery dry.
         

  5. Re:Too open for its own good by LostCluster · · Score: 3, Insightful

    Yeah, but where would the fake webpage buy its traffic from? Apple controls in-app ads, and Google censors its search ads all the time. A fake antivirus website that nobody visits is not a problem at all.

  6. Re:Too open for its own good by macs4all · · Score: 4, Insightful

    Walled Gardens are the TSA Security Theater of the mobile space (coming soon to a PC near you!)

    Not hardly.

    When you talk about the TSA, there are literally hundreds of examples of the TSA not catching "banned items". With the iOS App Store, there have been what, one or two completely benign "breaches" in three years?

    Hardly a fair comparison.

    And, when compared with the track record of Android, even in the supposed "official" Android App Store, you would be bat-shit crazy to seriously suggest that Apple's curating of the App Store is "theater".

  7. the weekly A/V scam by Fuzi719 · · Score: 5, Interesting

    It seems every week there is another "Oh Nos! Android is infested with malware!" article extolling the virtues of Apple and claiming all Android phones MUST install some A/V app or else your hair is going to fall out, your dog will get pregnant and your lawn will turn brown. Every one of these articles can be traced back to one of the major A/V vendors (who just happen to have a convenient Android A/V app for sale) or Apple. It is all FUD and BULLSH*T. Is there malware out there for Android? Yes. Is it widespread in the US? No. I've worked with Android phones for years, work with several administrators in corporate environments who service hundreds of Android phones, know dozens of friends with Android phones. I have NEVER encountered a single bit of malware. Not once. The few bits of malware that have gotten into the system in the US were quickly taken care of by Google. Tell me, have any of you EVER seen this "widespread malware" out in the field?