These days, fake Antivirus programs that run under Windows look just as good as real, valid antivirus tools. They'll run a scan for free—a fast one, since there's no actual scanning going on. However, to remove the imaginary malware found by the scan, you'll have to pay up. In a recent blog post, Symantec researcher Joji Hamada reported that this type of malware has come to Android, and it's even more aggressive than the typical Windows fake antivirus. Symantec calls the malware sample featured in this post Android.Fakedefender, because it installs as a trial version calling itself Android Defender.
The typical Windows-based fake antivirus programs attempt to scare the user into paying for a registered version by displaying frightening scan results, hence the name scareware. They work hard to look just like a valid antivirus, to the point that some even offer tech support. It's not uncommon for victims to express outrage when a legitimate security product removes the fake one: "Hey, that's my antivirus! I paid for that!"
Porn Discovered :
In what may be an attempt to discourage you from seeking help, the fake antivirus reports that it has detected malware attempting to steal pornographic content from the phone. How embarrassing! At this point, you can't delete the fake antivirus and can't launch any other apps. The only way to recover, short of a hard reset, is to purchase the full version. It's effectively holding your phone for ransom. Hamada didn't state whether paying the ransom actually unlocks the phone.
F-Secure's Mikko Hypponen has gone on record stating that the biggest threat for Android users is losing your phone, not malware. Hamada begs to differ, pointing out that malware like this is really, really hard to remove once it gets a foothold. He advises running mobile security software to keep threats like this from installing in the first place.