First ransomware app targeting Android devices spotted in the wild, Symantec says

Fake 'Android Defender' can change the settings of the operating system, reject reset attempts, Symantec says

The first fake antivirus app intended to victimize Android users has been spotted by Symantec, which says this fake A/V app can also act like ransomware to hold the victim's Android device hostage.

Fake antivirus scams have long been a plague hitting Windows-based PCs to try to fool victims into thinking that there's a virus on the PC that the fake A/V can fix -- typically with some money, of course. Symantec says it's now spotted what it believes to be the first known similar type of ruse aimed at Android users through a fake A/V calling itself Android Defender. Android Defender deliberately misrepresents the status of the Android device and also acts like ransomware to hold the Android device hostage.

Android Defender

Credit: Symantec official blog

Android Defender fake antivirus

[ RELATED: FBI/IC3 says online mug shot 'extortion' a growing problem 

MORE: Ransomware leverages victims browser histories for increased credibility ]

Unfortunately, the Android Defender fake antivirus app is a program that the victim would have mistakenly installed.

"Once the malicious app has been installed, user experience varies as the app has compatibility issues with various devices," Symantec said on its official blog today. "However, many users will not have the capability to uninstall the malicious app as the malware will attempt to prevent other apps from being launched. The threat will also change the settings of the operating system. In some cases, users may not even be able to perform a factory data reset on the device and will be forced to do a hard rest which involves performing specific key combinations and/or connecting the device to a computer in order to perform a rest using software provided by the manufacturer."

If they are "lucky," some users may be able to perform a simple uninstall due to the fact that the app may crash when executed because of compatibility issues, Symantec says. "The malicious app is quite buggy right now, but it's clear the group is working on it and it's another indicator that what we've seen on the PC that is effective, we’re going to see those attacks eventually on mobile devices," according to Symantec.

Symantec adds: "The apps were found on third-party websites. Some came disguised as a version of Skype that would allow you to make free phone calls, and when you installed it took you to the fake antivirus." That version was described in a video posted in the blog, describing how a fake A/V can lock up a device.

It's all just growing evidence that malware writers have begun flocking to the Android platform to carry out their evil deeds -- even if open source Android's own issues with fragmented operating systems from Android device manufacturers don't provide malware writers with a wholly uniform platform for malware execution as they might like. The growing Android malware problem is also providing traditional anti-malware vendors, such as Symantec, with a new market for mobile-device anti-malware protections.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: @MessmerE. Email:

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2013 IDG Communications, Inc.