Antivirus Fraudware Goes Mobile?

We came across some interesting mobile phone software yesterday. It’s designed for the J2ME platform for mobiles and it’s a midlet with a Kaspersky Anti-Virus icon. The application mimics the behavior of our antivirus software; it deliberately simulates the detection of a virus and then shows an error message.

At first, we thought it was a new fraudware program designed to steal money from mobile users’ accounts, but after checking its behavior, we came to the conclusion that it’s just a demonstration – looks like somebody was having a bit of fun. The program doesn’t modify the system or try to steal any money.

Although the program isn’t malicious in itself, we detect it as FraudTool – even though the program’s safe to run, we think that users should be notified about it. Because it’s not malicious, we’ve added the prefix not-a-virus. If we see another modification of this application which attempts to trick the user in some way and steal money from his/ her account, we’ll remove the prefix and the program will be detected as true malware.

Here’s a video clip showing how the program works (in Russian only – but even if you don’t speak Russian, you might still find it interesting!):

Detected for this program was added on 7th August. We decided to call it not-a-virus:FraudTool.J2ME.KaspAV.a, because it mimics the behavior of our antivirus product for mobiles.