Symantec researchers have recently unearthed a mobile fake AV solution called "Android Defender" being offered on a number of unofficial, third party download sites under the guise of an extension for the Skype VoIP app.
Once installed, the software asks permission to run under administrator rights, which would make it more difficult to uninstall. But even if the permission is not granted, that will be a problem
The app first "scans" the device and tells the user that it has detected a number of infections (and lists them). Of course, this scan result is fake, and the app tries to convince the victim to download - and pay for - the full version that will supposedly remove the malware from the phone.
If the victim declines to do so, the software will continue to pester him or her by constantly presenting pop-ups warning about the infection. It will also prevent users from trying to uninstall the app (the original APK file has, by now, deleted itself) and from running other apps, for example legitimate AV software that could help with uninstalling the malware.
After a while, the fake AV also tries to make it look like it's trying to steal the content of the browser's cache, including pornographic images.
The malware itself is very buggy, and may crush the phone repeatedly, especially on specific phone models for which it is obviously not well suited. And even if the victim falls for the scams and tries to upgrade to the full version, the software won't allow it.
Taking all this into consideration, the researchers believe that this is only test malware, but are sure that more stable versions are bound to follow.
"We may soon see FakeAV on the Android platform increase to become a serious issue just like it did on computers. These threats may be difficult to get rid of once installed, so the key to staying protected against them is preventing them from getting on to your device in the first place," says researcher Joji Hamada.
In this particular case, users might be unable to uninstall the app because of its instability, and will be forced to perform a factory data reset on the device, or even to do a hard reset.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.