Trojan:Android/FakeNotify disguises itself an application providing update notifications; when run however, the app silently sends SMS messages to premium-rate numbers, then redirects the user to an unsolicited website.
Once the scan is complete, the F-Secure security product will ask if you want to uninstall the file, move it to the quarantine or keep it installed on your device.
A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:
Check for the latest database updates
First check if your F-Secure security program is using the latest updates, then try scanning the file again.
Submit a sample
After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.
Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.
Exclude a file from further scanning
If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.
Note: You need administrative rights to change the settings.
Trojan:Android/FakeNotify is distributed disguised as an application that provides update notifications.
Once installed, it displays a message designed to make the user believe they will be downloading a game application. When the user clicks a button to proceed with the 'download', the malware immediately sends out three sets of SMS messages to the premium-rate numbers located in Russia.
Instead of getting the promised application, users are then directed to a website that offers more applications.
Trojan:Android/FakeNotify is discussed in further detail in the following Labs Weblog posts:
This malware is also discussed in: Q4 2011 Mobile Threat Report (PDF).