Security researchers have been stressing the dramatic rise in mobile malware for a few years now — which naturally leads to more users downloading and using some sort of mobile antimalware app. But now even malware protection has become a risk: last month the popular Virus Shield Android app was outed as a fraud, and this week Kaspersky announced the discovery of a pair of fake apps using its name in the Google and Windows Phone app stores.
This shouldn't be surprising. When cybercriminals find an attack vector that works, it doesn't take long for copycats to come along with knockoffs.
"Now we are seeing how one successful scam spawns numerous clones. Scammers who want to make a quick buck from inattentive users are selling dozens of fake apps, copying the design, but not the functionality of the original," said Roman Unuchek, senior malware analyst at Kaspersky Lab, in an emailed statement. "It is quite possible that more and more of these fake apps will start appearing. One thing is for sure, the security mechanisms put in place by the official stores cannot cope with these kinds of scams."
So, what can you do to both protect your mobile device from malware and protect yourself from fake antimalware?
Obviously, shady apps are more likely to appear on unaffiliated third-party app sites — especially for Android — but, as evidenced by the discovery of these apps in the official Windows Phone and Android app stores, none of the distribution sites is completely safe.
Kaspersky offered some advice to help users navigate this murky territory:
- Check if the app page looks official, with high resolution images, thorough product details, and the correct company name and product name
- Double-check the company's website. It should have a section for purchasing products, so if you're unsure, purchase the product from links on the company's page
- If you do purchase the app before detecting it's fake, contact the app store and ask if you can receive a refund
As with all issues of computer and mobile security, exercise some common sense and a healthy dose of caution. The time you spend making sure the app is legit before you buy or download it will be time well spent.