Yup, the Android app store is full of useless, unwanted anti-WannaCry apps

Let’s hope they don’t morph into something more dangerous…

Yup, the Android app store is full of useless, unwanted anti-WannaCry apps

Apps claiming to protect Android users against WannaCry ransomware are popping up on Google Play, but all of them are a bunch of hogwash.

Type "WannaCry" into Google Play, and you'll come across several apps dedicated to the ransomware family that took the world by storm on 12 May.

Screen shot 2017 05 24 at 8.36.41 am

Screen shot of "WannaCry" Google Play search 24/05/17.

WannaCry swept across 150 countries and more than 200,000 organizations by exploiting a security flaw on unpatched Windows machines using attack code developed by the NSA and leaked by the Shadow Brokers. In other words, the ransomware targeted vulnerable versions of Microsoft's software. It has definitely not somehow spread to Google's Android mobile OS as of this writing.

Still, that hasn't stopped some Android developers from seizing on the fervor to promote fake WannaCry protection apps.

Fernando Ruiz, a security researcher at McAfee, took a look at some of these programs. Many are harmless wallpaper apps. But others (such as one named wannacry.ransomware.protection.antivirus) are a bit more sophisticated. That particular app leverages a warning message to trick users into downloading sponsored programs that in turn display ads.

Unnamed

Ruiz provides more details about WannaCry Ransomware Protection:

"All the 'features' offered by WannaCry Ransomware Protection are fake; the only function in this app is a repacked scanner that can detect the presence of a few ad libraries. For that reason and in spite of the preceding warning message, it is clear the developers put little time into this development. We rate the app as Medium Risk (SHA256 hash f9dabc8edee3ce16d5688757ae18e44bafe6de5368a82032a416c8c866686897)."

The app doesn't have too many bad reviews, either, which further lends to an appearance of legitimacy.

Screen shot 2017 05 24 at 8.54.07 am

It's tempting to get swept up in something like the WannaCry attacks and download an app. But that's exactly what fraudulent developers want you to do. We've seen it before with games like Minecraft, Super Mario Run, and Pokémon Go. All these apps capitalized on Android users' excitement, and all of them downloaded much worse threats than potentially unwanted programs (PUPs).

Acknowledging criminals' exploitation of events like WannaCry, it's important that Android users don't go installing apps for no reason. They'd be better served boosting their mobile security overall by downloading a anti-virus solution onto their devices, downloading apps only from Google's Play Store, and not doling out superuser rights except to only the most trusted of apps.

Tags: , , , , ,

Smashing Security audio podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

Subscribe to the free GCHQ newsletter

, , , , ,

4 Responses

  1. John

    May 30, 2017 at 11:50 am #

    And where is Google? One thing is to let in malevolent apps into the Play store by accident, but it seems to me that the Google's oversight in its store is as non-existent as it can be.

  2. beachbubba

    May 30, 2017 at 3:33 pm #

    I thought WannaCry (WannaCrypt) was something that affected only certain versions of the Windows OS. I was not aware that it was also being used to attack Android.

    • Graham Cluley in reply to beachbubba.

      May 30, 2017 at 3:42 pm #

      You're correct. WannaCry only infects Windows computers.

      Hence we know that any Android app offering WannaCry protection is useless and unwanted. :)

    • Chris in reply to beachbubba.

      May 31, 2017 at 10:45 am #

      The article states that these apps on Android are useless because Wannacry only affects Windows. That's pretty much the point of the article.

Leave a Reply