Fake WannaCry ‘Protectors’ Emerge on Google Play
Are Android devices affected by the self-propagating ransomware WannaCry? No—because this threat exploits a vulnerability in Microsoft Windows. This malware cannot harm mobile systems. Nonetheless, some developers are taking advantage of the uproar and possible confusion to promote apps that promise to protect Android devices.
While searching for “WannaCry” on GooglePlay we found several new apps. Most are guides—web views, images, or text reminding us to patch Windows, as well as jokes and wallpapers. However, a few apps claim to “protect” Android devices against this Windows-only threat.
One case is the package wannacry.ransomware.protection.antivirus, which we classified as a potentially unwanted program because we see no value in an app that offers fake features and tricks unwary users into downloading an app loaded with ads.
Once the program executes it displays ads and requests that you install more sponsored apps:
All the “features” offered by WannaCry Ransomware Protection are fake; the only function in this app is a repacked scanner that can detect the presence of a few ad libraries. For that reason and in spite of the preceding warning message, it is clear the developers put little time into this development. We rate the app as Medium Risk (SHA256 hash f9dabc8edee3ce16d5688757ae18e44bafe6de5368a82032a416c8c866686897).
On Google Play we observed another fake security solution offering similar fraudulent features: com.neufapps.antiviruswannacry (SHA256 hash f9dabc8edee3ce16d5688757ae18e44bafe6de5368a82032a416c8c866686897):
Some of these apps even have very good reviews, which tells us something about the value of online reviews:
We did not find any malware in these apps offering fake protection against WannaCry, but cybercriminals often seize the opportunity of trending topics like this—as we have seen with Flash Player for Android, Pokémon Go, Mario Run, Minecraft, etc.—to distribute malicious payloads even on official apps markets.
The McAfee Labs Mobile Malware Research team has contacted Google about removing these apps. Meanwhile users must remain aware of these kinds of fake solutions that only increase your risk.