McAfee details Android. FakeInstaller malicious camouflage Program (1)

Android. FakeInstaller is a widely spread mobile malware series. It used to impersonate Olympic Match scores, Skype, Flash Player, Opera, and many other popular apps. In fact, in the mobile malware field, the FakeInstaller series is one of the most rampant malware we have analyzed. More than 60% of McAfee's malware samples for Android systems are from the FakeInstaller series. With the increase in server-side polymorphism, obfuscation, reverse inversion, frequent re-compilation, and other tricks to escape detection, this threat has gradually increased.

Android. FakeInstaller will send a message to the toll service phone number, you can disguise itself as a legal installer without the user's consent. This malware has a large variety of variants, spread through hundreds of websites and counterfeit markets, and its coverage is expanding day by day.

Android. FakeInstaller icon

When users search for popular apps, if they accidentally access a fake official site or counterfeit market through a search engine or social network, they will encounter seemingly legitimate applications, includes screenshots, user comments, instructions, videos, etc., to lure victims into downloading malware. When you are running Android. fakeInstaller first displays a service protocol, telling users that one or more messages will be sent. This interface is enough to confuse many people, when the user starts to click "agree" or "Next", the system will start to forcibly send paid text messages to the user. We also found that some versions have sent text messages before the victim clicks the button.

Android. FakeInstaller has different versions. It simulates the installation or download interface of valid applications.

After you click the button, the FakeInstaller sometimes displays a false download progress bar. Finally, the dialog box is closed, and the victim is redirected to another counterfeit market. Nor can users get the desired application.