Scammers are trying to capitalize on the fear and confusion caused by the WannaCry ransomware that infected over 200,000 Windows systems in the past weeks.
The spread of WannaCry has slowed down, but several new scams have emerged in the wake of its outbreak nearly two weeks ago.
WannaCry gained notoriety because its developers integrated two Windows exploits that were allegedly developed by the National Security Agency (NSA) for intelligence purposes and put them to use to support a cybercrime enterprise. The exploits accelerated the spread of the WannaCry mostly to un-patched Windows 7 machines on internal networks harboring at least one infected PC.
While WannaCry attack had a greater impact on corporate networks, scammers are now coming for consumers.
Security firm McAfee this week identified several bogus apps on Google Play that claim to shield Android devices from the Windows malware. Android devices are not exposed to Windows malware or the two NSA exploits, but that hasn’t stopped scammers from distributing “antivirus” apps on Google’s official app store that claim to stop WannaCry on Android.
As McAfee points out, one Android package is labeled “wannacry.ransomware.protection.antivirus”, which claims to protect against the non-existent threat. Though it is harmless, every use install translates to ad revenue for the scammers. The app, called WannaCry Ransomware Protection, is promoted on Google Play as a “patch for Android SmartPhone from WannaCry Ransomware”.
The app does have an anti-malware scanner, and though it isn’t built to detect much beyond a few ad libraries, it does detect itself as a “Medium Risk”, perhaps revealing the lack of care its developers had in building a real protection tool.
Another fake WannaCry antivirus solution on Google Play was “Anti WannaCry Virus”, which offered similar features.
“We did not find any malware in these apps offering fake protection against WannaCry, but cybercriminals often seize the opportunity of trending topics like this—as we have seen with Flash Player for Android, Pokémon Go, Mario Run, Minecraft, etc.—to distribute malicious payloads even on official apps markets,” said McAfee researcher Fernando Ruiz.
Google has removed the two apps as well as at least one other that appear to be just a guide on how to protect against WannaCry. The apps do not appear to have been widely installed. However, some harmless WannaCry guides remain available.
The other shady group drawn to WannaCry’s currency are tech support scammers who use fake security pop-up alerts in desktop browser to con victims.
The UK’s National Fraud & Cyber Crime Reporting Centre warned this week that one victim had granted remote access to a bogus Microsoft support staff after a pop-up said the PC was infected with WannaCry. As usual, the pop-up prompted the victim to contact a call centre for help. When the victim rang the number, the fraudsters 'helped' by providing the Windows Malicious Software Removal Tool, which is a legitimate and free product from Microsoft that the scammers charged £320 for.
Had the victim really been infected with WannaCry, the ransom demand would have been substantially less, albeit with the additional stress of losing encrypted files.
It’s always a good idea to remember that Microsoft never reaches out to provide tech support. Nor does any Microsoft alert contain a contact number.