Beware: Fake Antivirus Scanner Targeting Android Users on Twitter

Social media networks are very good hunting grounds for scammers and this is another such instance of a new scam (targeting Android) spreading on Twitter. This scam consists of enticing tweets that tempts users to click them. The links in these messages carry a ‘.TK’ extension and direct the users to unsafe web pages that can transfer malicious programs onto the machine.

We time and again update our customers and followers to be wary of the dangers lurking in Social Media networks and also give out cautionary warnings requesting Android users to refrain from opening unknown links on the Android browser. Clicking on such links opens a fake URL which is as follows:

hxxp://googleapi17.ru/l.php?l=os&ampr=5519&ampa=29#

When the user is directed to this URL, it shows a fake webpage with Russian fonts. Some might ignore the text followed by the inability to read Russian, thus, sparing themselves from falling into the trick. However, a gullible user might fall for the social engineering technique of the webpage imposing to be an anti-virus scanner.

Fake webpage-1Fake webpage-2

If a user clicks on the button that implores him to carry out a scan, he is requested to download a file known as VirusScanner.apk – a fake application that should not be allowed into the smartphone, under ideal circumstances. Given below is a snapshot of the permissions required by this app.

Downloading the appFinished downloading

Once installed, the scareware appears in the application tray as shown below. If you pay close attention to the permissions required by the app, a pretty scary picture emerges; such information exposure can be misused in several ways. As can be seen, the application also carries with it a fake Kaspersky logo.

App trayPermissions gained

This malicious app uses the Russian market to register itself. After installation, it checks the country that the user resides in and then sends out SMS messages to premium-rate numbers to gain income for the creators of the app. It is also capable of downloading additional malicious code in the future.

It is recommended that you refrain from clicking on suspicious links and always steer clear from ‘.TK’ extensions as well. Genuine mobile scanning software like Quick Heal Mobile Security for Android or BlackBerry devices goes a long way in protecting your precious device, rather than some random anti-virus software that one may stumble upon.

Thanks to Sandip for carrying out the analysis.

Rahul Thadani

Rahul Thadani


1 Comment

Your email address will not be published.

CAPTCHA Image

  1. Its importent to qwick heal uses many user use qwick heal crack antivirus with life time liacence so beaware to this froud qwick heal distributers

    Reply