
Google Android users warned vs fake antivirus spyware


What better way for a malware maker to put one over on antivirus software makers than by posing as a legitimate antivirus firm’s product? The makers of at least one piece of malware did just that by making their product look like a legitimate Kaspersky Antivirus 2011 product, computer security firm Sophos said on Friday.

“The application package uses an icon similar to the Kaspersky Lab icon, but the actual functionality is far less useful than the functionality of the legitimate product,” virus researcher Vanja Svajcer said in a blog post.

Svajcer said that when the package is launched, the malware attempts to get the unique device ID number and transform it into an “activation code.” In the background, the malware installs a broadcast receiver that seeks to intercept SMS (text) messages and send them to a web server set up by the attacker.

But in this case, the maker of the malware, which Sophos detects as Andr/SMSRep-C, had set the command-and-control web server IP address as 127.0.0.1, which “does not make the malware very useful.”

The IP address 127.0.0.1 is the loopback address: it refers only to the host, or the local device. As such, the broadcast receiver will not be able to send the intercepted data out to the network to which the Android device is connected.

However, Svajcer warned this may be an early build, and a more dangerous version may be on the way.

“Clearly, this is just an early test build and we will have to be on watch for the next version which will be connected with a real malicious server,” Svajcer said. — TJD, GMA News
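The behaviour described above leaves a recognizable footprint in an app's manifest. The following added example (not from Sophos or the original article) shows a static triage check a defender could run over a manifest already decoded to text XML. It flags a broadcast receiver registered for incoming SMS together with the permissions needed to forward messages, and checks whether a configured server address is loopback, as 127.0.0.1 is. The package name, receiver name and sample manifest are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifest (hypothetical names), not taken from the real malware.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeav">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application android:label="Antivirus">
    <receiver android:name=".SmsWatcher">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(manifest_xml):
    """Report receivers listening for incoming SMS and whether the app's
    permissions would let it read those messages and send them off-device."""
    root = ET.fromstring(manifest_xml)
    perms = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    receivers = [
        r.get(ANDROID_NS + "name")
        for r in root.iter("receiver")
        if any(a.get(ANDROID_NS + "name") == SMS_ACTION for a in r.iter("action"))
    ]
    return {
        "sms_receivers": receivers,
        "reads_device_id": "android.permission.READ_PHONE_STATE" in perms,
        "can_forward_sms": bool(receivers)
        and {"android.permission.RECEIVE_SMS", "android.permission.INTERNET"} <= perms,
    }

def c2_is_reachable_off_device(host):
    """False when the configured server is loopback, i.e. data stays on the device."""
    if host.lower() == "localhost":
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # other hostnames cannot be ruled out without resolving them
```

A manifest that trips `can_forward_sms` while the server address fails `c2_is_reachable_off_device` matches the "early test build" situation the article describes: the interception capability is present, but nothing leaves the device yet.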