WannaCry Ransomware: Fake Antivirus Apps For Android Don't Protect Against Malware Attacks
A new wave of apps appearing in the Google Play Store purport to protect devices against the WannaCry ransomware attack that infected hundreds of thousands of computers around the world earlier this month, but may present their own security risks.
Security firm McAfee found a number of apps in the Google Play Store that appear when a user searches “WannaCry.” Most are guides and reminders to patch Windows to protect against the ransomware attack or pranks that make it appear a device has been infected, but several prey on concerned users while loading malicious services.
McAfee classified an app called WannaCry Ransomware Protection a potentially unwanted program, with the app offering no actual protection and instead displaying ads and attempts to get the user to download more related apps.
The WannaCry Ransomware Protection app does contain a scanner feature that can detect a few malicious ad libraries — a feature that appears to be hijacked and repacked from another app. Ironically, the app labels itself as “Medium Risk” when scanned because of the ad network it uses to display advertisements.
Another fake app named Anti WannaCry Virus also purports to help remove malicious software including the widespread ransomware attack from a user’s device. McAfee found the app offers no such tools to protect a user’s Android handset.
In both cases, the WannaCry-related apps have high reviews that make them appear more legitimate. Some of the reviews even appear to be users claiming the apps found instances of viruses on their devices and offered protection. It’s possible the developers have paid for reviews to bolster the legitimacy of the apps.
Read: WannaCry Ransomware: How To Decrypt Your Files If You've Been Hit By WannaCry
McAfee noted it contacted Google about the apps and encouraged the company to remove them from the Google Play Store.
“We did not find any malware in these apps offering fake protection against WannaCry, but cybercriminals often seize the opportunity of trending topics like this — as we have seen with Flash Player for Android, Pokémon Go, Mario Run, Minecraft, etc. — to distribute malicious payloads even on official apps markets,” Fernando Ruiz, a security researcher at McAfee, wrote in a blog post.
While there are plenty of concerns about ransomware on mobile devices and it is possible for smartphones to become compromised by malware and other attacks, WannaCry has not been found to infect Android devices.
Thus far, WannaCry is exclusive to Windows — and in some cases, devices that communicate with Windows machines. The exploit used to spread WannaCry takes advantage of a vulnerability in the Windows Server Message Block protocol, which was first discovered by the U.S. National Security Agency and eventually reported to Microsoft after it was stolen by a group of anonymous hackers known as the Shadow Brokers.
Thus far, there is no evidence to suggest WannaCry has targeted or could infect Android devices.
© Copyright IBTimes 2024. All rights reserved.