FakeAV holds Android Phones for Ransom

Are we protected against this by avast!?

polonus

Here is more information,

http://arstechnica.com/security/2013/06/device-disabling-fake-av-migrates-to-android-phones-demands-ransom/

http://www.symantec.com/security_response/writeup.jsp?docid=2013-060301-4418-99

http://www.symantec.com/connect/blogs/fakeav-holds-android-phones-ransom

http://video.symantec.com/services/player/bcpid292374537001?bckey=AQ~~,AAAABuIiy9k~,I8BhasVwr9zYL9V36WFi86fR_NoePscn&bctid=2496711760001

Any Virustotal link?

Does avast! detect this?
http://bgr.com/2013/06/24/android-malware-fake-antivirus/

Yes, this malware is detected via scanner.

Not really: https://www.virustotal.com/en/file/983e662c5fa649ab25a5209d8996d6ddf581f15ef73d8e14c8360125d2c5f920/analysis/1372331050/

I have sent the sample number of times since yesterday :o

This is strange. Last VPS contains this signature. Anyway thanks for report I will push it forward and check if everything is running ok.

Wait…you mean 130626-1,right?

It may happen latest VPS is not released in my area!?

Could be it, but still, we should push the new version for all users.

Well,you are right,but if it is that way then why avast scanner on VT doesnt detect it too!? I am sure avast will detect this in next VPS :slight_smile:

Thanks for your reply Jan.Much appreciated.

Still not detected :-\

Now is fully deployed, so please try; you should see:

Trojan detected - Android:Defender -C [Trj]
Trojan detected - Android:Defender -A [Trj]
Trojan detected - Android:Defender -B [Trj]
Trojan detected - Android:FakeAV -D [Trj]

Thanks now detected ;D

And guess what!? avast the one among the few to detect this: https://www.virustotal.com/en/file/983e662c5fa649ab25a5209d8996d6ddf581f15ef73d8e14c8360125d2c5f920/analysis/