New ransomware masquerading as a legitimate Android security app has been uncovered by Symantec researchers.
Symantec’s Joji Hamada said the malicious app infects users’ machines by pretending to be a legitimate free antivirus app. However, unlike a legitimate security app, rather than protecting the user from malware, it loads it onto the device.
“The scam has evolved over time and we are now seeing FakeAV threats making their way onto Android devices. One interesting variant we have come across, detected by Symantec as Android.Fakedefender, locks up the device just like Ransomware,” wrote Hamada.
“Once the malicious app has been installed, user experience varies as the app has compatibility issues with various devices. However, many users will not have the capability to uninstall the malicious app as the malware will attempt to prevent other apps from being launched. The threat will also change the settings of the operating system.”
Hamada said the malware is particularly nasty as it can in some cases block the device’s hard reset command. “In some cases users may not even be able to perform a factory data reset on the device and will be forced to do a hard reset, which involves performing specific key combinations and/or connecting the device to a computer in order to perform a reset using software provided by the manufacturer,” he wrote.
“If they are lucky, some users may be able to perform a simple uninstall due to the fact that the app may crash when executed because of compatibility issues.”
FakeDefender is one of many targeting the Android operating system. Hamada said the high success rate of the attacks will lead criminals to increase the number of threats using the tactic, calling for Android users to install legitimate, trusted mobile security applications.
“We may soon see FakeAV on the Android platform increase to become a serious issue just like it did on computers. These threats may be difficult to get rid of once installed, so the key to staying protected against them is preventing them from getting onto your device in the first place,” he wrote.
The ransomware is one of many new mobile threats uncovered this year. Russian security firm Kaspersky reported detecting 23,000 new mobile threats in its Q1 2013 Threat Report.