Antivirus Fraudware Goes Mobile?

We came across some interesting mobile phone software yesterday. It’s designed for the J2ME platform for mobiles and it’s a midlet with a Kaspersky Anti-Virus icon. The application mimics the behavior of our antivirus software; it deliberately simulates the detection of a virus and then shows an error message.

At first, we thought it was a new fraudware program designed to steal money from mobile users’ accounts, but after checking its behavior, we came to the conclusion that it’s just a demonstration – looks like somebody was having a bit of fun. The program doesn’t modify the system or try to steal any money.

Although the program isn’t malicious in itself, we detect it as FraudTool – even though the program’s safe to run, we think that users should be notified about it. Because it’s not malicious, we’ve added the prefix not-a-virus. If we see another modification of this application which attempts to trick the user in some way and steal money from his/ her account, we’ll remove the prefix and the program will be detected as true malware.

Here’s a video clip showing how the program works (in Russian only – but even if you don’t speak Russian, you might still find it interesting!):

Detected for this program was added on 7th August. We decided to call it not-a-virus:FraudTool.J2ME.KaspAV.a, because it mimics the behavior of our antivirus product for mobiles.

Antivirus Fraudware Goes Mobile?

Your email address will not be published. Required fields are marked *



Lyceum group reborn

According to older public researches, Lyceum conducted operations against organizations in the energy and telecommunications sectors across the Middle East. In 2021, we have been able to identify a new cluster of the group’s activity, focused on two entities in Tunisia.

GhostEmperor: From ProxyLogon to kernel mode

While investigating a recent rise of attacks against Exchange servers, we noticed a recurring cluster of activity that appeared in several distinct compromised networks. With a long-standing operation, high profile victims, advanced toolset and no affinity to a known threat actor, we decided to dub the cluster GhostEmperor.

APT trends report Q2 2021

This is our latest summary of advanced persistent threat (APT) activity, focusing on significant events that we observed during Q2 2021: attacks against Microsoft Exchange servers, APT29 and APT31 activities, targeting campaigns, etc.

Subscribe to our weekly e-mails

The hottest research right in your inbox