[SingCERT] Fake Mobile Apps

Published on 15 Jun 2017

Updated on 22 Sep 2021

With the global wide-spread infection of a ransomware known as “WannaCry” aka WanaCryptor, fake mobile apps in Google Play are emerging to promise protection from the ransomware. However, the “WannaCry” ransomware does not target phones. These fake mobile apps disguised as anti-virus apps actually contain malware. Appended below is a list of known free fake anti-virus apps obtained from RiskIQ/CNET.

Fake Antivirus Apps

Affected Systems

  • Android
The malware author can obtain sensitive information such as passwords and personal details from affected phones. Users may risk paying for a fake subscription to ensure the security of their mobile devices. Users with an infected phone will observe the following symptoms:
  • Annoying ads pop up when data connection is available
  • Sluggish phone performance
  • Automatic downloading and installation of apps
  • Existing apps function differently from usual 
  • Fake notifications or warnings on the mobile device
  • Decrease in phone storage capacity
  • Do not download or install apps from non-official app stores
  • Use a reputable anti-virus/anti-malware scanner to scan apps before installing
  • Do not click on suspicious links, web pages or advertisements
Refer to previous advisory for recommendations on infected mobile devices here