Texas 17-Year Old Scams Thousands of Android Users With Fake AV App
April 7, 2014 3:16 PM
comment(s) - last by
App hit #1, Google never suspected a 869 KB "antivirus" app by the maker of "Yolo Bilbo Swaggins" might be fake
Ouch; Google Inc.'s (
) Android suffered
another image setback
the app credibility department
this week, after one of its top apps was removed following
a damning report
by Michael Crider over at
I. Virus Shield: "Very Low Impact on Battery Life" (Because it Does NOTHING)
Released at the end of March, "
" promised to deal with one of Android users' greatest concerns -- security. It was approved by Google for sale on the Play app store. Perhaps it was the slick logo, or perhaps it was the bold promises...
Prevents harmful apps from being installed on your device.
Scans apps, settings, files, and media in real time
Protects your personal information
Strong antivirus signature detection
Very low impact on battery life
Runs in the background
No, ZERO pesky advertisments
...that left users were smitten with the new app, downloading it by the droves. Despite the cost, it quickly logged 10,000+ downloads in its first week, good enough for #1 on AppBrain's paid app charts.
Users were overjoyed at the simplicity of Virus Shield, giving it -- on average -- a 4.6 star rating . You just fired up the app and clicked the shield and an X icon changed to a check. And voilà, you were protected... right?
Well, not exactly.
's writer downloaded the app and decompiled it, which is pretty easy to do in Android with standard developer tools. What he found was that the app did have some of the features promised -- but basically just the ones that had nothing to do with security.
It's true it had no ads, and it likely used next to no battery life.
The issue was that it used next to no battery life because it was quite-literally doing nothing. The app appeared to have no real security features whatsoever, just feel-good 100-percent digital snakeoil.
II. Conned by a Kid?
Mr. Crider did not take this fabrication lightly. He wrote regarding the app's developer "Deviant Solutions":
This is fraud, pure and simple, and the developer "Deviant Solutions" potentially made considerable amounts of money based on a complete lie. We assume that a lot of the initial reviews were fake, but now that it's on the top of the charts, at least a few people will be buying it in the belief that it will protect them.
A post on Scythe -- an online gaming store suggests that a user with the same email as the Virus Shield developer ("Jesse_Carter@live.com") was
trying to scam users
out of virtual goods back in 2011 under the name InceptionDeception.
Mr. Crider writes:
There is no developer website listed on the Play Store, but
a quick search of the developer's email
, "Jesse_Carter@live.com," reveals very little information. What you can see is a banned account at Sythe.org, where the user "InceptionDeviant" is accused of trying to scam people out of various low-value game items. That's about all we could find.
We believe we've found a bit more.
A search with the original email turns up
an account on Powerbot
(a Runescape hacking site) from a male claiming to be 22. But further investigation indicates the master scammer was really just a 17-year old kid currently living somewhere in the Fort Worth area (these facts can be gleaned via his responses in the comments, as seen below).
his YouTube account
that he used to post Runescape hacking videos to. In fact it appears that Jesse Carter was actually one of the most famous scammer/spammer in the Runescape (RS) scene, going by the name "Deviant". He's perhaps most famous for his "WoodCutter" script, which many players used to cheat their way to cash.
Jesse Carter, from a video posted on YouTube
Now at the ripe age of 17 it appears that he's upgraded to fraud on Android, quite possibly making nearly $50K USD in the process (if AppBrain's estimates of 10k+ downloads are accurate). Unless, that is if another hacker stole his identity and the scammer has become the scammed -- also a real possibility.
III. Blame Goes to the Faker, to Google, and to Clueless Users Alike
Whoever the faker is the, the fact that over $50,000 USD were lost to a fraud artist is a pretty big concern for Android and raises some natural questions.
First, Android users are clearly aware of security risks, so why did they foolishly pay hard-earned cash for a supposed security firm that has virtually no web presence. The answer, in some cases may be that they confused Deviant Solutions (with an 's') with
The Deviant Solution Group
(DSG). The two appear to be entirely unrelated.
One key difference between the two is that the The DSG and Deviant Solutions is that the former is solely a third-party development hired hand. While its portfolio includes impressive products such as
, it registers these products under its clients' name on the Play Store. By contrast Deviant Solutions developed under its own name. Another key different that's now clear is that while The DSG provided apps that actually do something useful, where as Deviant Solutions specialized in apps that had no meaningful actions.
Lack of screening and scrutiny is putting Google's reputation at risk.
[Image Source: Google Reader]
Regardless, even if people stumbled across the Deviant Solution Group and mistook it for Deviant Solution
, you'd still think they'd be a bit wary of ponying up $4 USD for a security service with no dedicated website.
The report also raises question on Google's end. Apple, Inc. (
) has drawn criticism at times for watching the iTunes App Store like a hawk and
policing top ranked apps
signs of controversy
. At times it
goes too far
, certainly, but it does do a pretty good job making sure its users are stricken with such obvious fraud attempts.
Google's pre-screening has gotten much better
and relatively little malware slips through into Play Store, Google is perhaps too laissez-faire about not weeding out fakes from the ranks of its top apps.
If nothing else, the 859 KB size of the app package (talk about a lean antivirus program!), the fact that it asked for no network provisions, and its wild claims should have raised an eyebrow or two at Google. Or perhaps Mr. Carter's
Yolo Bilbo Swaggins
...should have raised an eyebrow or two. Instead Google appeared oblivious until Mr. Crider's excellent expose, at which point the ban hammer finally dropped.
"Uber SEO", aka "Yolo Bilbo Swaggins" measures in at around 700 KB, so if we had to wager a guess, it's probably safe to say that it's not doing a lot of SEO for you. Then again trusting an app called Yolo Swaggins to improve your web traffic would be kind of like trusting a security app with no public website... oh wait.
Virus Shield on Google Play [cached]
This article is over a month old, voting and posting comments is disabled
RE: Once again, BB security is king
4/8/2014 6:41:02 PM
well when you have no apps or features, it's pretty easy to run a secure platform.
RE: Once again, BB security is king
4/9/2014 1:52:45 PM
"It's okay. The scenarios aren't that clear. But it's good looking. [Steve Jobs] does good design, and [the iPad] is absolutely a good example of that." -- Bill Gates on the Apple iPad
Apple Kills Last iOS Bitcoin Wallet App
February 6, 2014, 7:58 PM
Apple Continues Its “Google Cleansing” by Removing YouTube App in iOS 6 Beta 4
August 6, 2012, 3:02 PM
Android Malware "DDSpy" Pretends to be Gmail, Steals Phone Logs
June 7, 2012, 10:59 PM
McAfee Report Claims Virtually All Mobile Malware in Q3 2011 Aimed at Android
November 21, 2011, 12:45 PM
Developer Demonstrates Serious Security Breach in iOS, Apple Bans His Account
November 8, 2011, 9:06 AM
Retiree Sues Apple For $7,500 for Wiping Honeymoon Photos From His iPhone
November 30, 2015, 10:23 AM
iPhone 7 May Pack 3-4 GB Memory, More Storage; 4-Inch Comeback is Rumored
November 20, 2015, 10:12 PM
OnePlus One, OnePlus 2 Will Receive Android Marshmallow in Q1 2016
November 16, 2015, 9:58 AM
Lenovo Whoa: Motorola Droid MAXX 2 and Turbo 2 Break Cover in Leaks
October 26, 2015, 3:12 PM
Leak: Apple Preps for First Real Android App Foray With New Apple Music App
October 24, 2015, 1:59 PM
Pepsi Smartphone? Empty Calories Coming Soon to the Midrange
October 12, 2015, 11:41 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information