Ransomware malware has hit the mobile market with an app that demands payment for bogus infections and could be so hard to remove that it requires phones be sent to manufacturers for repair.
The Android Defender app mirrored desktop fake antivirus which tricked users into believing their machines were infected with viruses. It demanded users pay $100 over a year to remove the nonexistent viruses.
In a worst-case scenario, the app could require a factory data reset in which a specific key combination would be entered, something that may need to be done by the phone's manufacturer, Symantec principal response manager Vikram Thakur said.
Ransonware scams could find more success in the mobile environment than desktops because users were so reliant on the devices and would respond quickly to threats.
“People are getting a lot more reliant on their phones these days,” Thakur said. "They probably carry out about 80 to 90 percent of their waking day on them. In terms of urgency, people are a lot more sensitive about their phones than their PC."
Researcher Joji Hamada said users may be able to uninstall the Android Defender app because of existing bugs in the software which have not yet been fixed.
The malware was hosted at various sites but not on the official Google Play store, and had infected less than 50 devices since 2 June.
Symantec said it signaled the rising tide of threats traditionally segregated in the PC market making their way into the mobile realm.
Users often believe they were downloading a Skype app from sites that allowed them to make free phone calls, Thakur said.
It was only when they download the app, dubbed Fake Defender by Symantec, that they saw their device overtaken by the Android Defender virus scan.
The malicious app also warned users that malware was trying to steal pornographic content stored on their device – an additional con to spur victims into emptying their pockets.
“In our testing, there was no simple solution to removing this [ransomware] – just as we've experienced on the PC side,” Thakur said.