In early April, security researchers uncovered a fraudulent antivirus app on the Google Play store calling itself Virus Shield. Virus Shield was a bogus antivirus application for Android users. For a scam, one unusual feature was that it was a paid application; most antiviruses don’t charge an upfront fee and instead require a subscription key for activation. The application did nothing to secure the phone or keep it protected; it was essentially a useless picture-based application. The application kept a 4.7/5 star rating, and it only had to appear useful to gain traction in the market.
Security researchers at Securelist found that numerous other fraudulent applications followed Virus Shield. The researchers uncovered their first fake application on the Windows Phone Store, which is quite unusual, as scammers tend to target the Google Play store. Either way, that application also required an upfront fee, and it went by the name Kaspersky Mobile. Kaspersky does not have a product line with that name, but that did not hinder the scammers, who apparently assumed no one would notice.
The fake application appears to carry out various security tasks on the phone, such as scanning files and analyzing the phone for threats. One of the first red flags, aside from the name, was the scanning bar. The “scan progress” display appeared to show the device being scanned and a “heuristic analysis” being performed separately. Securelist researchers note that antivirus solutions do not display separate progress bars when performing a regular scan and heuristic analysis.
The scammers didn’t stop at using one big brand name such as Kaspersky. Fraudsters “offered” a number of applications under big brand names, including Avira antivirus, Mozilla mobile, Google Chrome Pro, Netscape mobile, Internet Explorer, Opera mobile, Safari mobile, along with various others. The listings included Google Chrome for 99 rubles (around $2.80) and Google Chrome Pro for only 59 rubles (about $1.70).
One of the more notable finds was that Virus Shield, the same scam application found on the Google Play store, was on the Windows Phone store selling for 69 rubles (around $2). The scammers show how one scam can spawn numerous clones: not just one antivirus, but dozens of fake applications. The applications do not have the functionality of the legitimate applications, only the aesthetics.
It appears many fake applications flew under the radar, and dozens of fraudulent paid applications made it onto the Windows Phone store. The applications did not appear to be widely popular, but they did attract customers and reviews. The reviews were a mix of positive and negative, nothing on the scale of Virus Shield on the Google Play store. The fact that this number of fraudulent applications, even Internet Explorer mobile, made it to the Windows Phone market is troubling to say the least.