Thursday, January 10, 2013

Sorta Fake Anti Virus "Android Armour"

A post Today on Sophos Caught my attention and I decided to take a look at this myself. So, I went to the website, http://androidarmour.com/, to invastigate further. This is one big scam and I don't think it will take too long for most to catch on. As it stands now it looks like only Sophos and Eset detect these, but I doubt it wont be long before they all do. Just like the article said it deep scans every file on your device by sending each one over to Virus Total, a FREE scanning site by the way, then it charges you 99 cents a week for a service which you could do for free.  While this could be beneficial it sets your phone up to all kind of weird things like deletion of false positives by any of the numerous scanners on Virus Total, some of which are specialized to the needs of a few corporations.  But what the Sophos article didn't explain in-depth is that it also sets you up to have your private info leaked all over the internet.
 
What Virus Total does, which by the way is owned by Google, is publicly scan a file against all active virus scanners in it's database.  It also saves all files submitted in a massive "malware" database for "private" use by security professionals. So, you just got those naked pics for your boyfriend or girlfriend and saved them on your phone with "Android Armour" installed, or even worse (yes worse then that!!!) you saved an earnings report to work on at lunch or you used your phone with a credit card machine to pay your bills. So, now all of those files are now owned by Virus Total, Google, and every other security company or professional that pays Virus Total for access to downloads.  I hope you don't mind a bunch of geeks in an office somewhere goggling over your girls naked chest while your leaked earnings report causes stocks to plummet and your credit card info is being used to make a purchase at Macy's. While that's an extreme example, any company that claims to be a security company and an anti-malware company needs to tell you what they do with your data if they take it all.

So... they are just sending data to another security company, one owned by Google, non the less and this still could be beneficial and very time saving to have my files scanned against every major AV company there is, right? No, what Sophos either field to mention or didn't notice is that your personal information is also being tracked and sent to an advertiser at https://mixpanel.com/.  Check out what mixpanel does in this mashable article.

To check out this APK yourself, you can download it from here.  This is an uncensored link diretly to the malware page, so don't actually install it on your device. It can be a real pain to uninstall as it requires admin privileges. Don't worry about the animation, it's all for show, and whatever you do, don't pay for the service. The service is an "opt-out" where you get billed then have to reduce to the free one within a certain amount of time and the only way to stop billing is...

“Your AndroidArmour.com Premium Account will continue in effect unless and until you cancel your premium Account or we terminate it. You must cancel your Premium Account before it renews each month, as applicable, in order to avoid billing of the next month’s to your credit card. If you wish to cancel your Premium Account you may do so by calling Customer Support: 1-800-910-6786.”


Stay safe out there
-R`/4N

Remember to stay safe and stay protected out there.
You can get all the best security software for your Android, PC, or anything else at Amazon for cheap.