The official Google Play Store, used by Android users to download apps for smartphones and tablets, is being overrun with fake software posing as 'protectors' and 'scanners' for the WannaCry strain of ransomware that recently infected more than 200,000 machines in 150 countries.
"Some developers are taking advantage of the uproar and possible confusion to promote apps that promise to protect Android devices," said Fernando Ruiz, a security expert at McAfee, who was among the first to spot the suspicious — and potentially malware-ridden — applications.
WannaCry, a strain of malware super-powered by leaked National Security Agency (NSA) cyberweapons, only targets devices running Windows OS.
There have been no recorded cases of it infecting Android-based smartphones or tablets.
"While searching for 'WannaCry' on Google Play we found several new apps," Ruiz said in a blog post.
"Most are guides, images, or text reminding to patch Windows, as well as jokes and wallpapers.
"However, a few apps claim to protect Android devices against this Windows-only threat.
"One case is the package WannaCry Ransomware Protection, which we classified as a potentially unwanted program because we see no value in an app that offers fake features and tricks unwary users into downloading an app loaded with ads. All the features offered [...] are fake."
IBTimes UK found the same app still listed on the Play Store – somehow boasting positive user feedback. Other available apps had titled such as "Anti Ransomware WannaCry" and "WannaCry Scanner." The permissions these request range from the nondescript to highly alarming.
Anti-Ransomware WannaCry, last updated on 22 May, claimed to "detect early presence" of the ransomware on Android devices.
"The more often you scan your device, the more protected from the danger of ransomware," its developers wrote in the app's description.
Another piece of software openly available to Android users, WannaCry Scanner, stated: "To ensure the safety of your phone, download and test immediately if your phone contains the WannaCry virus and you need (sic) to avoid losing money and information unfairly."
Once downloaded, it asks for a number of highly-suspect permissions. (See right).
These included: modify or delete the contents of your USB storage, receive data from internet, view network connections, full network access and prevent device from sleeping. The developers of three separate WannaCry-based apps did not immediately respond to requests for comment.
Some strains of ransomware can indeed infect smartphones and tablets – but not WannaCry.
"Cybercriminals often seize the opportunity of trending topics like this - as we have seen with Flash Player for Android, Pokémon Go, Mario Run, Minecraft, etc. - to distribute malicious payloads even on official apps markets," warned Ruiz.
"Users must remain aware of these kinds of fake solutions that only increase your risk," he said.