Texas 17-Year Old Scams Thousands of Android Users With Fake AV App
April 7, 2014 3:16 PM
comment(s) - last by
App hit #1, Google never suspected a 869 KB "antivirus" app by the maker of "Yolo Bilbo Swaggins" might be fake
Ouch; Google Inc.'s (
) Android suffered
another image setback
the app credibility department
this week, after one of its top apps was removed following
a damning report
by Michael Crider over at
I. Virus Shield: "Very Low Impact on Battery Life" (Because it Does NOTHING)
Released at the end of March, "
" promised to deal with one of Android users' greatest concerns -- security. It was approved by Google for sale on the Play app store. Perhaps it was the slick logo, or perhaps it was the bold promises...
Prevents harmful apps from being installed on your device.
Scans apps, settings, files, and media in real time
Protects your personal information
Strong antivirus signature detection
Very low impact on battery life
Runs in the background
No, ZERO pesky advertisments
...that left users were smitten with the new app, downloading it by the droves. Despite the cost, it quickly logged 10,000+ downloads in its first week, good enough for #1 on AppBrain's paid app charts.
Users were overjoyed at the simplicity of Virus Shield, giving it -- on average -- a 4.6 star rating . You just fired up the app and clicked the shield and an X icon changed to a check. And voilà, you were protected... right?
Well, not exactly.
's writer downloaded the app and decompiled it, which is pretty easy to do in Android with standard developer tools. What he found was that the app did have some of the features promised -- but basically just the ones that had nothing to do with security.
It's true it had no ads, and it likely used next to no battery life.
The issue was that it used next to no battery life because it was quite-literally doing nothing. The app appeared to have no real security features whatsoever, just feel-good 100-percent digital snakeoil.
II. Conned by a Kid?
Mr. Crider did not take this fabrication lightly. He wrote regarding the app's developer "Deviant Solutions":
This is fraud, pure and simple, and the developer "Deviant Solutions" potentially made considerable amounts of money based on a complete lie. We assume that a lot of the initial reviews were fake, but now that it's on the top of the charts, at least a few people will be buying it in the belief that it will protect them.
A post on Scythe -- an online gaming store suggests that a user with the same email as the Virus Shield developer ("Jesse_Carter@live.com") was
trying to scam users
out of virtual goods back in 2011 under the name InceptionDeception.
Mr. Crider writes:
There is no developer website listed on the Play Store, but
a quick search of the developer's email
, "Jesse_Carter@live.com," reveals very little information. What you can see is a banned account at Sythe.org, where the user "InceptionDeviant" is accused of trying to scam people out of various low-value game items. That's about all we could find.
We believe we've found a bit more.
A search with the original email turns up
an account on Powerbot
(a Runescape hacking site) from a male claiming to be 22. But further investigation indicates the master scammer was really just a 17-year old kid currently living somewhere in the Fort Worth area (these facts can be gleaned via his responses in the comments, as seen below).
his YouTube account
that he used to post Runescape hacking videos to. In fact it appears that Jesse Carter was actually one of the most famous scammer/spammer in the Runescape (RS) scene, going by the name "Deviant". He's perhaps most famous for his "WoodCutter" script, which many players used to cheat their way to cash.
Jesse Carter, from a video posted on YouTube
Now at the ripe age of 17 it appears that he's upgraded to fraud on Android, quite possibly making nearly $50K USD in the process (if AppBrain's estimates of 10k+ downloads are accurate). Unless, that is if another hacker stole his identity and the scammer has become the scammed -- also a real possibility.
III. Blame Goes to the Faker, to Google, and to Clueless Users Alike
Whoever the faker is the, the fact that over $50,000 USD were lost to a fraud artist is a pretty big concern for Android and raises some natural questions.
First, Android users are clearly aware of security risks, so why did they foolishly pay hard-earned cash for a supposed security firm that has virtually no web presence. The answer, in some cases may be that they confused Deviant Solutions (with an 's') with
The Deviant Solution Group
(DSG). The two appear to be entirely unrelated.
One key difference between the two is that the The DSG and Deviant Solutions is that the former is solely a third-party development hired hand. While its portfolio includes impressive products such as
, it registers these products under its clients' name on the Play Store. By contrast Deviant Solutions developed under its own name. Another key different that's now clear is that while The DSG provided apps that actually do something useful, where as Deviant Solutions specialized in apps that had no meaningful actions.
Lack of screening and scrutiny is putting Google's reputation at risk.
[Image Source: Google Reader]
Regardless, even if people stumbled across the Deviant Solution Group and mistook it for Deviant Solution
, you'd still think they'd be a bit wary of ponying up $4 USD for a security service with no dedicated website.
The report also raises question on Google's end. Apple, Inc. (
) has drawn criticism at times for watching the iTunes App Store like a hawk and
policing top ranked apps
signs of controversy
. At times it
goes too far
, certainly, but it does do a pretty good job making sure its users are stricken with such obvious fraud attempts.
Google's pre-screening has gotten much better
and relatively little malware slips through into Play Store, Google is perhaps too laissez-faire about not weeding out fakes from the ranks of its top apps.
If nothing else, the 859 KB size of the app package (talk about a lean antivirus program!), the fact that it asked for no network provisions, and its wild claims should have raised an eyebrow or two at Google. Or perhaps Mr. Carter's
Yolo Bilbo Swaggins
...should have raised an eyebrow or two. Instead Google appeared oblivious until Mr. Crider's excellent expose, at which point the ban hammer finally dropped.
"Uber SEO", aka "Yolo Bilbo Swaggins" measures in at around 700 KB, so if we had to wager a guess, it's probably safe to say that it's not doing a lot of SEO for you. Then again trusting an app called Yolo Swaggins to improve your web traffic would be kind of like trusting a security app with no public website... oh wait.
Virus Shield on Google Play [cached]
This article is over a month old, voting and posting comments is disabled
RE: How did Android get so bad?
4/8/2014 3:41:08 PM
But this is Tony, I did not think he had it in him, which is why I am thinking somebody hijacked his account.
RE: How did Android get so bad?
4/8/2014 5:30:28 PM
Whats the term even a broken clock is right twice a day?
RE: How did Android get so bad?
4/9/2014 1:06:59 PM
That only applies to the old, outdated analog clocks. A broken digital clock is usually wrong all the time.
"Young lady, in this house we obey the laws of thermodynamics!" -- Homer Simpson
Apple Kills Last iOS Bitcoin Wallet App
February 6, 2014, 7:58 PM
Apple Continues Its “Google Cleansing” by Removing YouTube App in iOS 6 Beta 4
August 6, 2012, 3:02 PM
Android Malware "DDSpy" Pretends to be Gmail, Steals Phone Logs
June 7, 2012, 10:59 PM
McAfee Report Claims Virtually All Mobile Malware in Q3 2011 Aimed at Android
November 21, 2011, 12:45 PM
Developer Demonstrates Serious Security Breach in iOS, Apple Bans His Account
November 8, 2011, 9:06 AM
New Photos Show “Assembled” iPhone 6, Protruding Camera Ring
August 20, 2014, 2:32 PM
ZTE Nubia 5S mini LTE 4.7" Smartphone Headed to U.S. for $280 Unlocked
August 20, 2014, 10:37 AM
AT&T Will Also Receive the HTC One (M8) for Windows
August 19, 2014, 9:27 PM
Sharp's "Edge-to-Edge" AQUOS Crystal Smartphone Coming to Sprint for $239 Off-Contract
August 19, 2014, 7:31 PM
After 34 Years With Microsoft, Steve Ballmer Parts Way to Focus on LA Clippers
August 19, 2014, 4:17 PM
HTC One (M8) for Windows Officially Announced for Verizon Wireless
August 19, 2014, 12:15 PM
Most Popular Articles
Lumia 830 Gets Major Upgrades Including New 20.1 Megapixel Toshiba Sensor
August 15, 2014, 6:00 PM
Windows Phone, BlackBerry Smartphone Market Share Falls to 2.5%, 0.5% Respectively
August 15, 2014, 9:44 AM
GM Concedes That the Cadillac ELR Doesn’t Really Compete with the Tesla Model S
August 15, 2014, 5:42 PM
Cell Phone Thief Calls 911 After Her Victim Chases Her and Her Male Cohort
August 14, 2014, 12:11 PM
Smarter Wired, Wireless Chargers Set to Shake Up Mobile Industry
August 14, 2014, 6:39 PM
Latest Blog Posts
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information