FakeDefender is a mobile ransomware that targets Android devices. When a device is compromised, a message appears indicating that the device is at risk of being infected and offers free scans to detect any malware or Trojans. These scans report false positives for various malware infections and FakeDefender then prompts the victim to purchase additional software in order to remove the supposed infections. If the victim does decide to purchase and install the additional software, FakeDefender provides bogus updates while making the infected device vulnerable to legitimate malware infections. In order to avoid becoming infected with this mobile malware variant, Android users are encouraged to not download any apps outside of the official Google Play Store.


  • September 2013: A second Android ransomware is detected and predicted to be made by the same author as FakeDefender. (Symantec)
  • June 2013: FakeDefender began infecting Android devices. (LAPTOP)

One example of the FakeDefender variant. Image Source: Symantec