FireEye discovered an email spam campaign, currently ongoing, which is dropping the well-known Android malware Android FakeDefender. Looking through our DTI platform, we believe that this campaign started on the 6th of September.
Vector of Propagation
FireEye Labs has identified emails that are being used as part of this campaign. Below are some of the emails we noticed serving this malware. Once the user clicks on the link in the email from an Android device, the ask gets downloaded.