A new malware scheme has been discovered that pushes fake antivirus software to Android users via in-app advertising. Once installed, the trojan informs the victims they need to pay up to remove threats on their device.
The malware in question, detected as “Android.Fakealert.4.origin” by Russian security firm Doctor Web, has been around since at least October 2012, according to the company. This latest fraud is a particularly complex one: it involves multiple Android apps displaying advertisements, a relatively inexpensive means to reach a wide audience, which prompt users to scan their mobile devices for “viruses” and then lure them to a site where they are told to download the fake antivirus.
Android malware that masks itself as an antivirus for Google’s platform is nothing new, and neither are ads in Android apps pushing malware, but putting the two together can certainly be effective. This is naturally a practice that Windows users are all too familiar with, and it’s worrying to see it ported to Android along with all the other schemes we’ve already seen.
Here are two examples of the ads being used:
This is what Android users see if they are tricked into installing the fake antivirus:
Just like on other platforms, this malware displays a fake scanning result to intimidate users into purchasing the fake antivirus program. Doctor Web recommends that Android users be “more skeptical about various ads displayed by applications and to use reliable anti-virus software, when necessary.” In other words, if you’re going to install an Android antivirus, make sure it’s a legitimate one on Google Play rather than something you found via a sketchy ad in another app.
Top Image credit: Marcel Hol