Fake AntiVirus in Mobile App Stores

The first well-known fake mobile antivirus software was called Virus Shield, and it was placed in the Google Play Store. Since then, the malware has become progressively more sophisticated. Now, it seems to be using the names of legitimate antivirus software companies.

Kaspersky posted an article five days ago about a couple of these malware packages using their name, one on Google Play and the other, unusually, in the Windows Phone Store. Most major antivirus vendors have mobile versions of their software, but the layout and apparent lack of source verification in mobile app stores, coupled with the sometimes complicated names software vendors give to their products, can make it easy to mistakenly install the wrong app. In the Kaspersky case above, for example, the real antivirus software is called “Kaspersky Internet Security for Android,” while the fake apps were given the much simpler names “Kaspersky Mobile” and “Kaspersky Anti-Virus 2014.”

It seems that the only safe way to obtain mobile antivirus apps is by visiting the vendor’s website and locating them there, rather than trusting any mobile app store.

“Red October” Attack Described by Kaspersky

Kaspersky has recently released a detailed description of the “Red October” attack, an espionage operation involving the infection of hundreds of computers targeting government networks, embassies, and scientific organizations. The victims have mostly been in Eastern Europe, according to Securelist, but computers around the world have been infected, including some in the United States.

The Kaspersky report linked above is fairly technical, but a number of other outlets have provided useful summaries of the analysis of Red October, including this article from TechNewsWorld and Securelist’s article linked above.

Reportedly, the attackers who wrote the code appear to be Russian-speaking. Red October also includes elements that have previously been used in attacks against Tibetan activists and other Asian military and energy targets.