Fernando Ruiz

Fernando Ruiz is a Security Researcher in McAfee Labs. He specializes in mobile threats and Android malware. Ruiz performs deep analysis and reverse engineering of malicious code, packers, and vulnerabilities; and creates detection technologies to proactively protect people against a wide spectrum of malware and potentially unwanted programs.
The McAfee Mobile Research Team tracks the behavior of Android click-fraud apps. We have detected multiple implementations, including recent examples on Google Play in 2016 and Clicker.BN last month. These threats are characterized by a common behavior: They appear innocuous but in the background they perform HTTP requests (simulating clicks) on paid “advertainment” to make ...
Read Blog
Click-fraud apps frequently appear on Google Play and third-party markets. They are sometimes hard to identify because the malicious behavior that simulates clicks is similar to the behavior of many legitimate applications (using common API calls and permissions). Further, part of the malicious code does not reside in the original malware and comes from a ...
Read Blog
We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from spreading a victim’s private information. LeakerLocker claims to have made an unauthorized backup of a phone’s sensitive information that could be leaked to a user’s contacts unless it receives ...
Read Blog
Are Android devices affected by the self-propagating ransomware WannaCry? No—because this threat exploits a vulnerability in Microsoft Windows. This malware cannot harm mobile systems. Nonetheless, some developers are taking advantage of the uproar and possible confusion to promote apps that promise to protect Android devices. While searching for “WannaCry” on GooglePlay we found several new ...
Read Blog
The McAfee Labs Mobile Malware Research team found early this week on Google Play a set of malware published by the developer account ValerySoftware: Each one of these apps have been downloaded and installed up to 500 times, which means up to 3,000 devices could be infected by this threat. Some characteristics of this malware: ...
Read Blog
Recently the McAfee Labs Mobile Malware Research team found a sample of ransomware for Android with botnet capabilities and a web-based control panel service. The malware is running on a legitimate cloud service provider. The payload of this malware can encrypt a victim’s files, steal SMS messages, and block access to the device. In this ...
Read Blog
Recently the Mobile Malware Research Team of McAfee found on Google Play a new campaign of Android/Clicker.G in dozens of published malicious apps. This threat targets Russians but the apps are accessible worldwide. The attackers lure their victims with apps associated with health care, sports, food, games, and many other topics. Some of the apps ...
Read Blog
When developers are unaware of security they open the door to threats against their customers and users. We are not just talking about exploitable vulnerabilities in their code, but about something much more obvious than that. Here is the curious case of an Android application on Google Play that contains some traces of malware, but ...
Read Blog
Android.FakeInstaller is a widespread mobile malware family. It has spoofed the Olympic Games Results App, Skype, Flash Player, Opera and many other top applications. This is not news in the mobile malware world, the FakeInstaller family is one of the most prevalent malware that we have analyzed. More than 60 percent of Android samples processed ...
Read Blog