Device-disabling Fake AV migrates to Android phones, demands ransom

Symantec

Device-disabling malware that masquerades as legitimate antivirus protection is migrating to smartphones running Google's Android operating system, according to researchers who got their hands on what appears to be an early test version of one such malicious program.

So-called Fake AV software, which is often bundled with screensavers or other innocuous-appearing apps, has long been a nuisance in the malware landscape for both the Microsoft Windows and Mac OS X platforms. Some operators have managed to rake in millions of dollars by reporting non-existent infections on machines and then tricking owners into paying for fraudulent disinfection services.

Enter Android Fakedefender, which researchers from antivirus provider Symantec recently discovered in several third-party Android app markets. The malicious app is still buggy and crude to say the least, but it nonetheless has the ability to create major headaches for smartphone users who install it. On many handsets, for instance, Fakedefender cannot be uninstalled at all and will prevent users from performing factory resets. Borrowing a page from so-called ransomware malware, the app also prevents many users from opening other apps or accessing data stored on the device until users buy a premium version of the Fake AV program.

Read 6 remaining paragraphs | Comments