While the world is still battling the WannaCry ransomworm menace, fraudsters have decided to exploit the threat’s visibility and users’ confusion to make them install fake Android apps that supposedly protect against it.
WannaCry hits Russia’s postal service
Reuters has reported on Wednesday that the Russian postal service was among the organizations hit with WannaCry last week, and that it is still dealing with the aftermath.
According to some of the employees, the malware apparently did not infect employees computers – just the postal services automated queue management system, i.e. its touch-screen terminals running on Windows XP.
But given that WannaCry didn’t work on Windows XP systems makes the accuracy of this news a bit doubtful.
In fact, the Post’s spokesman told Reuters that no computers were infected, but that some terminals have been temporarily switched off as a precaution.
Among the Russian organizations hit with the malware are mobile operator MegaFon, the Russian Railways, and the Interior Ministry. It has been estimated that of the total computers infected around the world, 20 percent are located in Russia.
“The severity of WannaCry infections in Russia may come as a surprise to some, considering the country is known for its advanced cyber-espionage capabilities. But, sophisticated offensive capabilities aren’t necessarily indicative of a strong defensive posture, partly because a country’s cybersecurity is largely determined by the precautions put in place by non-technical organizations, like post offices,” noted Vishal Gupta, CEO of Seclore.
“It’s unlikely WannaCry impacted Russian’s Foreign Intelligence Service, but in cases of ransomware, technically sophisticated government agencies aren’t the prime target. Russia is filled with organization’s running highly outdated legacy software, which don’t receive regular software updates, making the country a prime target for WannaCry. And, without the proper data-centric security controls in place, targeted organizations stood little chance against the worm once infected.”
WannaCry “protector” apps on Google Play
Since WannaCry became bit news, Google Play has been inundated with apps taking advantage of the name.
And while most are guides that tell users what to do to protect their Windows machines and joke apps aimed at pranking users into believing their mobile phone has been hit, some of the apps claimed to offer protection against the threat – even though WannaCry doesn’t work on Android!
McAfee researchers have found several such apps. Their main objective is to show ads to users, and trick them into downloading additional unwanted apps. Some have already been removed from the app store, but some still linger.
“Some of these apps even have very good reviews, which tells us something about the value of online reviews,” McAfee researcher Fernando Ruiz noted, and advised users to be careful what apps they install.
“We did not find any malware in these apps offering fake protection against WannaCry, but cybercriminals often seize the opportunity of trending topics like this—as we have seen with Flash Player for Android, Pokémon Go, Mario Run, Minecraft, etc.—to distribute malicious payloads even on official apps markets.”