Texas 17-Year Old Scams Thousands of Android Users With Fake AV App
April 7, 2014 3:16 PM
comment(s) - last by
App hit #1, Google never suspected a 869 KB "antivirus" app by the maker of "Yolo Bilbo Swaggins" might be fake
Ouch; Google Inc.'s (
) Android suffered
another image setback
the app credibility department
this week, after one of its top apps was removed following
a damning report
by Michael Crider over at
I. Virus Shield: "Very Low Impact on Battery Life" (Because it Does NOTHING)
Released at the end of March, "
" promised to deal with one of Android users' greatest concerns -- security. It was approved by Google for sale on the Play app store. Perhaps it was the slick logo, or perhaps it was the bold promises...
Prevents harmful apps from being installed on your device.
Scans apps, settings, files, and media in real time
Protects your personal information
Strong antivirus signature detection
Very low impact on battery life
Runs in the background
No, ZERO pesky advertisments
...that left users were smitten with the new app, downloading it by the droves. Despite the cost, it quickly logged 10,000+ downloads in its first week, good enough for #1 on AppBrain's paid app charts.
Users were overjoyed at the simplicity of Virus Shield, giving it -- on average -- a 4.6 star rating . You just fired up the app and clicked the shield and an X icon changed to a check. And voilà, you were protected... right?
Well, not exactly.
's writer downloaded the app and decompiled it, which is pretty easy to do in Android with standard developer tools. What he found was that the app did have some of the features promised -- but basically just the ones that had nothing to do with security.
It's true it had no ads, and it likely used next to no battery life.
The issue was that it used next to no battery life because it was quite-literally doing nothing. The app appeared to have no real security features whatsoever, just feel-good 100-percent digital snakeoil.
II. Conned by a Kid?
Mr. Crider did not take this fabrication lightly. He wrote regarding the app's developer "Deviant Solutions":
This is fraud, pure and simple, and the developer "Deviant Solutions" potentially made considerable amounts of money based on a complete lie. We assume that a lot of the initial reviews were fake, but now that it's on the top of the charts, at least a few people will be buying it in the belief that it will protect them.
A post on Scythe -- an online gaming store suggests that a user with the same email as the Virus Shield developer ("Jesse_Carter@live.com") was
trying to scam users
out of virtual goods back in 2011 under the name InceptionDeception.
Mr. Crider writes:
There is no developer website listed on the Play Store, but
a quick search of the developer's email
, "Jesse_Carter@live.com," reveals very little information. What you can see is a banned account at Sythe.org, where the user "InceptionDeviant" is accused of trying to scam people out of various low-value game items. That's about all we could find.
We believe we've found a bit more.
A search with the original email turns up
an account on Powerbot
(a Runescape hacking site) from a male claiming to be 22. But further investigation indicates the master scammer was really just a 17-year old kid currently living somewhere in the Fort Worth area (these facts can be gleaned via his responses in the comments, as seen below).
his YouTube account
that he used to post Runescape hacking videos to. In fact it appears that Jesse Carter was actually one of the most famous scammer/spammer in the Runescape (RS) scene, going by the name "Deviant". He's perhaps most famous for his "WoodCutter" script, which many players used to cheat their way to cash.
Jesse Carter, from a video posted on YouTube
Now at the ripe age of 17 it appears that he's upgraded to fraud on Android, quite possibly making nearly $50K USD in the process (if AppBrain's estimates of 10k+ downloads are accurate). Unless, that is if another hacker stole his identity and the scammer has become the scammed -- also a real possibility.
III. Blame Goes to the Faker, to Google, and to Clueless Users Alike
Whoever the faker is the, the fact that over $50,000 USD were lost to a fraud artist is a pretty big concern for Android and raises some natural questions.
First, Android users are clearly aware of security risks, so why did they foolishly pay hard-earned cash for a supposed security firm that has virtually no web presence. The answer, in some cases may be that they confused Deviant Solutions (with an 's') with
The Deviant Solution Group
(DSG). The two appear to be entirely unrelated.
One key difference between the two is that the The DSG and Deviant Solutions is that the former is solely a third-party development hired hand. While its portfolio includes impressive products such as
, it registers these products under its clients' name on the Play Store. By contrast Deviant Solutions developed under its own name. Another key different that's now clear is that while The DSG provided apps that actually do something useful, where as Deviant Solutions specialized in apps that had no meaningful actions.
Lack of screening and scrutiny is putting Google's reputation at risk.
[Image Source: Google Reader]
Regardless, even if people stumbled across the Deviant Solution Group and mistook it for Deviant Solution
, you'd still think they'd be a bit wary of ponying up $4 USD for a security service with no dedicated website.
The report also raises question on Google's end. Apple, Inc. (
) has drawn criticism at times for watching the iTunes App Store like a hawk and
policing top ranked apps
signs of controversy
. At times it
goes too far
, certainly, but it does do a pretty good job making sure its users are stricken with such obvious fraud attempts.
Google's pre-screening has gotten much better
and relatively little malware slips through into Play Store, Google is perhaps too laissez-faire about not weeding out fakes from the ranks of its top apps.
If nothing else, the 859 KB size of the app package (talk about a lean antivirus program!), the fact that it asked for no network provisions, and its wild claims should have raised an eyebrow or two at Google. Or perhaps Mr. Carter's
Yolo Bilbo Swaggins
...should have raised an eyebrow or two. Instead Google appeared oblivious until Mr. Crider's excellent expose, at which point the ban hammer finally dropped.
"Uber SEO", aka "Yolo Bilbo Swaggins" measures in at around 700 KB, so if we had to wager a guess, it's probably safe to say that it's not doing a lot of SEO for you. Then again trusting an app called Yolo Swaggins to improve your web traffic would be kind of like trusting a security app with no public website... oh wait.
Virus Shield on Google Play [cached]
This article is over a month old, voting and posting comments is disabled
RE: How did Android get so bad?
4/8/2014 11:10:47 AM
To add to that, I don't really think it is google's job to make sure software does what it claims, as long as it does not have malware. They don't go into games and make sure they are fun, or go into netflix and make sure it has as much content as they claim.
This is simply a case of buyer beware, and don't just jump on the bandwagon of any app, or any purchase that happens to be popular at that moment.
I actually don't want Google censoring what is there, other than for security/malware issues. This whole thing will be blown up by some media outlets (and any apple site) as showing that android is horrible, but it is actually one of the reasons I like Android, they are not censoring what I can and cannot download.
"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." -- Bill Gates
Apple Kills Last iOS Bitcoin Wallet App
February 6, 2014, 7:58 PM
Apple Continues Its “Google Cleansing” by Removing YouTube App in iOS 6 Beta 4
August 6, 2012, 3:02 PM
Android Malware "DDSpy" Pretends to be Gmail, Steals Phone Logs
June 7, 2012, 10:59 PM
McAfee Report Claims Virtually All Mobile Malware in Q3 2011 Aimed at Android
November 21, 2011, 12:45 PM
Developer Demonstrates Serious Security Breach in iOS, Apple Bans His Account
November 8, 2011, 9:06 AM
Apple iOS 8.4 Rolls Out w/ Fix to Crash-Causing Unicode Text
June 30, 2015, 3:24 PM
Quick Note: Lumia 940 XL "Cityman" Phablet Gets Teased Via Tests
June 29, 2015, 5:51 PM
SanDisk's 200GB microSDXC Card Turns Smartphones Into Enviable PMPs
June 26, 2015, 2:02 PM
Xbox Outsold 108-to-1 By PS4 in Japan, Weekly Sales Fall to 100 Units
June 22, 2015, 1:54 PM
Apple Watch is Available to Order Again, 2.79 Million Units Estimated Sold so Far
June 18, 2015, 5:46 PM
Lumia 940 and 1040 Teased at in Alleged Leaked Images
June 15, 2015, 6:22 PM
Most Popular Articles
F-16 Schools Trillion-Dollar F-35 in Mock Combat, Fleeing is Best Option Pilot Admits
July 1, 2015, 5:53 PM
SpaceX Falcon 9's Seventh Supply Mission to ISS Ends w/ Fiery Stage 1 Explosion
June 28, 2015, 1:10 PM
SanDisk's 200GB microSDXC Card Turns Smartphones Into Enviable PMPs
June 26, 2015, 2:02 PM
Windows XP, Vista Users Can Get Free Windows 10 Upgrade Thanks to Loophole
June 23, 2015, 2:23 PM
Apple Music: The Money, The Launch Hiccups, and the Nitty Gritty Details
June 30, 2015, 5:09 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information