Bogus WannaCry ‘Protectors’ on the Rise

The WannaCry virus may have been bad news for hundreds of thousands of computer users, but people out for a quick buck were able to turn the worldwide hysteria over the ransomware to their advantage.

Even though mobile systems are not vulnerable to WannaCry, an insidious PC ransomware that holds hostage the data of its victims, some app makers are capitalizing on the situation by putting out bogus WannaCry “protectors” for mobile users. The apps being pushed do nothing to protect the device it is downloaded to and, in some cases, harm it, RiskIQ security analyst Forrest Gueterman said in a blog post.

This is not a new phenomenon, however. RiskIQ has found “hundreds of examples of apps that claimed to help defend mobile phones were found, instead, to be preying on unsuspecting users by pushing adware, trojans, and other malware,” Gueterman said.

Image courtesy of (Stuart Miles) / FreeDigitalPhotos.net

Image courtesy of (Stuart Miles) / FreeDigitalPhotos.net

Using a title search for ‘Antivirus’ resulted in:

Total:

  • 6,295 total apps, past and present.
  • 707 of these apps triggered blacklist detections from the aggregated antivirus vendors in VirusTotal.
  • 655 of these apps are in the Google Play store, 131 of which triggered blacklist detections.
  • 11 percent of total antivirus apps live in the Google Play store.
  • 20 percent of total blacklisted antivirus apps live in the Google Play store.

Active:

  • 4,292 apps are still active.
  • 525 of these apps triggered blacklist detections from the aggregated antivirus vendors in VirusTotal.
  • 508 of these apps are in the Google Play store, 55 of which triggered blacklist detections.
  • 12.2 percent of active antivirus apps live in the Google Play store.
  • 10.8 percent of active blacklisted antivirus apps live in the Google Play store.

“Of course, not all of these blacklist hits from VirusTotal mean that the app is malicious, and many malicious antivirus apps are not blacklisted at all. After all, even on VirusTotal’s website, they state “it may be used as a means to detect false positives,” Gueterman added. “VirusTotal can be utilized as a way to gauge the riskiness of scanned files, and if a trusted AV vendor flags an app, or multiple AV vendors flag an app, it may be worth further review. The example apps throughout this blog post have multiple hits from AV vendors, including some of the more trustworthy and well-known ones. When it comes to the safety of your mobile devices, it is always best to be diligent. Be careful about inviting the bad guys in and giving them access to everything when choosing an anti-virus app.”

RiskIQ is offering a handful of tips for choosing a mobile antivirus solutions:

  • Only download from official stores such as Google Play. They will be more diligent in removing malicious apps than third-party stores.
  •  Review all permissions requested and make sure the developer e-mail address is not a free service such as Gmail or Outlook.
  •  Avoid apps that have a description that are riddled with grammatical errors.
  •  If able, check the app against known blacklists.

avatar

The post Bogus WannaCry ‘Protectors’ on the Rise appeared first on SiteProNews.

SiteProNews

, , ,

Comments are closed.

© 1992-2017 DC2NET™, Inc. All Rights Reserved