The newest threat to Android is an app that promises users security for their mobile devices.
But don't let the phony "Android Defender" name fool you. This ironically named anti-virus software will do anything but defend your smartphone.
The fake Android Defender — there's a real, less dubious Android Defender app found in the Google Play store — tricks users into paying for a fake "cleanup" service that will allegedly clear their devices of Trojans and viruses.
The experts at Sophos' Naked Security blog analyzed the fraudulent anti-virus software thoroughly. The app first warns users that their devices are "at risk of being infected," then prompts them to allow free scans of the devices.
Not surprisingly, the scans come back positive for malware or Trojan infection. Users are then asked to purchase the "necessary" software to eliminate these threats.
The phony Android Defender even uses the names of real Android malware files, such as Android.MailStealer, when generating its list of "threats," striking fear into the hearts of malware-savvy users.
Once the user pays for the fake cleanup of his device, the app will live on indefinitely, performing fake updates and leaving the device vulnerable to real malware threats.
This scareware goes a long way to keep up its façade of legitimacy. Using a Java-based pseudo-random-number generator, the app's database size even appears to increase with every update it performs.
But all that's really increasing is the victim's false sense of security.
In order to download the fake anti-virus app, Android users first have to change their security settings to allow installation of apps from "unknown sources."
So if you did turn on that security-weakening option after you got your Android device, now might be a good time to turn that option back off.
Scareware threats from sources like "Android Defender" may seem trite to some, but they're still a force to be reckoned with. Last year alone, American victims of all sorts of cybercrime were cheated out of more than $500 million.
Although most folks have grown accustomed to fending off malware attacks on their PCs, they may not be as diligent about securing their mobile devices.
Common forms of Android malware include banking Trojans, which target online banking accounts, and premium SMS scams. Both masquerade as legitimate apps to gain access to users' devices.
To protect yourself from mobile threats, including scareware like the phony Android Defender, don't download apps outside of the Google Play store. (Even within Google Play, make sure you're downloading the official version of an app, not a knock-off.)
It may also be wise to download some real mobile anti-virus software for your Android device.
-By Elizabeth Palermo
