[SingCERT] Fake Mobile Apps

Published on Thursday, 15 June 2017 17:41

Background
With the global wide-spread infection of a ransomware known as “WannaCry” aka WanaCryptor, fake mobile apps in Google Play are emerging to promise protection from the ransomware. However, the “WannaCry” ransomware does not target phones. These fake mobile apps disguised as anti-virus apps actually contain malware. Appended below is a list of known free fake anti-virus apps obtained from RiskIQ/CNET.

Fake Antivirus Apps

Affected Systems

  • Android
Impact
The malware author can obtain sensitive information such as passwords and personal details from affected phones. Users may risk paying for a fake subscription to ensure the security of their mobile devices. Users with an infected phone will observe the following symptoms:
  • Annoying ads pop up when data connection is available
  • Sluggish phone performance
  • Automatic downloading and installation of apps
  • Existing apps function differently from usual 
  • Fake notifications or warnings on the mobile device
  • Decrease in phone storage capacity
Prevention
  • Do not download or install apps from non-official app stores
  • Use a reputable anti-virus/anti-malware scanner to scan apps before installing
  • Do not click on suspicious links, web pages or advertisements
Recommendations
Refer to previous advisory for recommendations on infected mobile devices:
https://www.csa.gov.sg/singcert/news/advisories-alerts/ghost-push

References
https://www.cnet.com/news/virus-scanners-filled-with-malware-are-flooding-app-stores/
https://www.3ptechies.com/heal-android-virus.html