Scareware distributors start targeting smartphone users, experts warn
Scareware distributors are targeting smartphone users who search the Web for popular mobile apps, experts from antivirus vendor Kaspersky Lab warn.
Rogue programs that masquerade as antivirus software have been used to scam computer users for many years. The money generated by such schemes is regularly used to fund other illegal activities.
The high profitability of scareware has pushed some cybercriminal gangs into previously unexploited markets, like those of Mac computers and now smartphones.
According to Kaspersky Lab senior malware analyst Denis Maslennikov, mobile malware creators are using black hat search engine optimization (BHSEO) to poison Google search results for popular mobile apps like Opera Mini with malicious links.
"Cybercriminals have started to use almost the same techniques in order to force [smartphone] users to download and install malware," Maslennikov said in a blog post
last week. "But in this case we talk about SMS Trojans with fake AV rudiments." According to the Maslennikov, mobile malware creators are using black hat search engine optimization (BHSEO) to poison Google search results for popular mobile apps like Opera Mini with malicious links. The links lead to scareware pages that ask visitors to perform online malware scans that display bogus privacy and security alerts. After performing the scans, users are advised to download a special anti-malware application that fixes the problems allegedly found on their devices.
This application is called VirusScanner and is designed to silently send SMS messages to premium-rate numbers. Kaspersky has identified versions of this Trojan for Android and older Java-enabled mobile operating systems like Symbian. Even though the samples seen so far only target Russian-speaking users, it's possible that versions localized in other languages will appear as well, especially as such scams continue to have a high success rate. Last month the FTC [gave back
$8 million to victims of a large scareware distribution network that was dismantled in 2008.
"It's not the first time when we've seen the adoption of common malware techniques in the mobile malware world and we will definitely see more examples of such adoption in 2012," Maslennikov said.