Android Users Get Scammed With In-App Antivirus Ads

Posted by timothy
from the like-robots-these-androids dept.
An anonymous reader writes "A new malware scheme has been discovered that pushes fake antivirus software to Android users via in-app advertising. Once installed, the trojan informs the victims they need to pay up to remove threats on their device. The malware in question, detected as "Android.Fakealert.4.origin" by Russian security firm Doctor Web, has been around since at least October 2012 according to the company. While Android malware that masks itself as an antivirus for Google's platform is nothing new, and neither are ads in Android apps pushing malware, but putting the two together can certainly be effective. This is naturally a practice that Windows users are all too familiar with."

  • by belthize (990217) on Friday April 19, 2013 @08:34PM (#43499937)

    I will never understand why phishing and malware attempts always have some weird tell that they're not legit. Whether it's some bizarre choice of words in the midst of an otherwise fairly legit looking piece of email or Cyrillic text in the middle of an otherwise semi-legit looking app there's always a tell.

    It's as if the authors are carefully trying to prey only on the truly stupid.

    • It's as if the authors are carefully trying to prey only on the truly stupid.

      Given how advance fee fraud works [slashdot.org], that's probably right.

      • It's as if the authors are carefully trying to prey only on the truly stupid.

        Given how advance fee fraud works [slashdot.org], that's probably right.

        I had a phishing attempt recently that really looked like it was from the IRS, down to the logos and all. I know the IRS and banks don't send unsolicited emails out, the real clincher was the reply address ended in ".irt". So, it got forwarded to abuse@irs.gov, same thing I do with bank phishing attempts. The only bad thing is I'll never know if I helped catch a phisher.

      • by belthize (990217)

        That's a slightly different scenario though. In this case they don't have to weed out responders to save time. For most click here, enter data here type phishing attempts it's a one time interaction. If you're dumb enough to take the first step there's no second step to save you.

        I guess I shouldn't have written 'I will never understand' but I certainly don't at the moment. I'll admit it's so pervasive there may be a reason but they're usually fairly subtle errors whereas the Nigerian scammers are fairl

    • by alostpacket (1972110) on Friday April 19, 2013 @09:50PM (#43500425) Homepage

      You know, I got that same feeling when the article said this was from "Russian security firm Doctor Web" and the malware dates back to October 2012.

      They may be legit, but I did a double take on the name and country of the company, as well as the date.

      Looks like it comes from TFA, which is next to useless for actual helpful information. No mention of what ad networks, or what apps these were found in. They even blur the website name of where they encountered an ad. The Next Web article seems to be copy-pasta from the AV 'article' (probably better described as a press release). I clicked around their site and their links are broken and redirect to a scary 404 page that gives me instructions on how to recover Windows. Pot, kettle, anyone?

      But sure enough, they sell Android antivirus software.

      (Full disclosure: I sell an app meant to teach new users about Android permissions, but also give the text of the guide away -- still, take what I say with a grain of salt, like anyone else).

    • by tlhIngan (30335)

      I will never understand why phishing and malware attempts always have some weird tell that they're not legit. Whether it's some bizarre choice of words in the midst of an otherwise fairly legit looking piece of email or Cyrillic text in the middle of an otherwise semi-legit looking app there's always a tell.

      It's as if the authors are carefully trying to prey only on the truly stupid.

      There is some logic in that - if you eliminate the ones smart enough to do stuff like that, you have a better chance of remain

    • Spoken like someone who doesn't have kids. Mine are now old enough to understand how to "click OK", but I'm not around when they generally use the computer and my wife definitely doesn't understand it like I do.

      I've removed several malware programs from the computer, and I know that it's coming from those free kids game sites which my kids use on a regular basis. They're not stupid, but naive to these sorts of things. Like most things I can explain it to them a thousand times, but when you hold a shiny
      • So why do your kids have admin accounts on the computer?

        • by daveime (1253762)
          Why do you assume the kind of malware that displays a scary popup message about viruses would be running as root ?
          • WTF has root got to do with anything? I said admin. An admin account is one which allows you to install programs. If the kids don't have an admin account they won't be installing programs.

            Or do you have some deficient OS that doesn't have proper admin accounts? Hmm... root? You're not a Linux user are you?

    • by AmiMoJo (196126) *

      The most obvious give-away is when it says "you must enable installing from untrusted sources", aka side-loading, to use the .apk file that just downloaded. For some not at all suspicious reason it isn't on Play. Ignore the warnings you see about not trusting unknown applications/companies. Just keep clicking "yes".

      People who fall for this are too dumb to use a smartphone. They are on a par with people who drive over cliffs or off bridges because their sat-nav told them to. If you don't make the slightest e

      • by tlhIngan (30335)

        The most obvious give-away is when it says "you must enable installing from untrusted sources", aka side-loading, to use the .apk file that just downloaded. For some not at all suspicious reason it isn't on Play. Ignore the warnings you see about not trusting unknown applications/companies. Just keep clicking "yes".

        People who fall for this are too dumb to use a smartphone. They are on a par with people who drive over cliffs or off bridges because their sat-nav told them to. If you don't make the slightest e

    • The rest are happily installing crap on your system with your blessings.

      It really PISSES ME OFF that nobody can figure out how to fix this. Fucking malware guys should be stripped, dipped in glue, and rolled in fire ants. For the first offense. What a bunch of assholes.

  • Reminds me of a popup I used to see. Always liked telling me that I had 3786 problems with my windows registry. I'm running linux...i'm sure that the first of those 'problems' is that I don't have a windows registry. XD
    • I'm running linux...i'm sure that the first of those 'problems' is that I don't have a windows registry. XD

      If your PC runs a distribution descended from Debian, you too can get your very own Windows registry:

      sudo apt-get install wine

      But I see your point. As long as you're using an X11 based browser, as opposed to browsing the web in a copy of Wine Firefox that you ended up keeping open after you were done watching Netflix, there's no way a pop-up ad could possibly see your Windows registry.

      • by symbolset (646467) *
        Wine and Mono are proof of the existence of the idiot savant. They brilliantly do these things, and don't know why they shouldn't.
        • Wine and Mono are proof of the existence of the idiot savant. They brilliantly do these things, and don't know why they shouldn't.

          Then please help me become no longer an idiot. Please explain why one shouldn't. Are you claiming that it is unwise to allow users of a minority computing platform to run applications that were developed for the majority computing platform? If so, please explain at which point the unwisdom enters the claim.

          • by symbolset (646467) *
            Unfortunately I can't help you learn this. Once you have adopted the thesis this far no argument from me will satisfy you. You will have to find the exit on your own, or experience the natural consequences and gain your experience the hard way. That's OK: I've been stubborn and learned things the hard way too.
            • by tepples (727027)

              Once you have adopted the thesis this far

              Explain which "thesis" you're talking about, and my exit might become easier.

  • by tepples (727027) <tepples AT gmail DOT com> on Friday April 19, 2013 @08:34PM (#43499941) Homepage Journal

    It's a lot easier to uninstall fake antivirus on Android than on Windows. Last time, removal took two steps [slashdot.org]: 1. remove it from the list of device administrators, and 2. uninstall the application from the device.

    Are other mobile platforms any less prone to deceptive in-app advertising?
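The two removal steps in the comment above (device administrator first, then uninstall), together with the side-loading tell mentioned elsewhere in the thread, can be turned into a small triage check. This is an added example, not part of the original post; the sample text is constructed and its layout is an assumption about what `adb shell pm list packages -i -3` and `adb shell dumpsys device_policy` print, which varies by Android version.

```python
import re

# Constructed sample: assumed layout of `adb shell pm list packages -i -3`.
PM_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.fakeav  installer=null
package:org.example.sideloaded.game  installer=null
package:com.example.mail  installer=com.android.vending
"""

# Constructed sample: assumed layout of the admin section of
# `adb shell dumpsys device_policy`.
DPM_OUTPUT = """\
Enabled Device Admins (User 0, provisioningState: 0):
  com.example.fakeav/.AdminReceiver:
    uid=10123
    policies:
      force-lock
  com.example.mail/.DeviceAdmin:
    uid=10077
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

def parse_installers(text):
    """Map package name -> installer package (None when side-loaded)."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return found

def parse_device_admins(text):
    """Map package name -> admin receiver class for active device admins."""
    admins = {}
    for line in text.splitlines():
        m = re.match(r"^\s{2}([\w.]+)/([\w.$]+):\s*$", line)
        if m:
            admins[m.group(1)] = m.group(2)
    return admins

def triage(pm_text, dpm_text):
    """List side-loaded packages with the removal steps in the required order."""
    admins = parse_device_admins(dpm_text)
    report = []
    for pkg, installer in sorted(parse_installers(pm_text).items()):
        if installer in TRUSTED_INSTALLERS:
            continue
        steps = [f"deactivate device admin {pkg}/{admins[pkg]}"] if pkg in admins else []
        report.append((pkg, steps + [f"uninstall {pkg}"]))
    return report

if __name__ == "__main__":
    for pkg, steps in triage(PM_OUTPUT, DPM_OUTPUT):
        print(pkg, "->", "; ".join(steps))
```

A side-loaded package is only a candidate for review, not proof of malware; one that also holds device-admin rights is the combination worth checking first.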

    • is that while in desktop GNU/Linux a firewall is designed to keep the nasties out, in Android a firewall like Droidwall is designed to keep the nasties in, i.e. prevent them from phoning home.

      For those who want to be anal pedantic I know the "backend" in both Android and GNU/Linux is pretty much the same iptables that can be configured to keep out/in both external and internal threats. However, I was quite surprised when I first learned what Android firewall apps, which typically require root-level access t

  • "Please run this random program you got from somewhere because we asked you to".

    Then something bad happens.

    What's Android platform specific about this?

    • What's Android platform specific about this?

      Mobile platforms other than Android put substantial barriers in the way of being able to "run this random program you got from somewhere". Windows Phone 7 and iOS, for example, don't really have a counterpart to the "Unknown sources" checkbox of Android, and they charge $99 per year for "provisioning", which allows the user to load applications through the equivalent of adb install.

      • by manu0601 (2221348)
        I hit the mod menu by mistake. Here is a comment to cancel the underrated mod, which you do not deserve.
    • by andydread (758754)
      please download and run this app to get gold coins to purchace uber rifle
    • Re:Malware (Score:5, Insightful)

      by BasilBrush (643681) on Saturday April 20, 2013 @07:36AM (#43502787)

      "Please run this random program you got from somewhere because we asked you to".
      Then something bad happens.
      What's Android platform specific about this?

      Well it doesn't happen on iOS.

      • "I, a free man, wish to enter into a contract which may or may not benefit me, but goddamit it's my choice and I'm the one making it."

        "Thankfully, my masters have removed my free will and will decide for me what is good and what is not. Praise to my betters!"

  • While Android malware that masks itself as an antivirus for Google's platform is nothing new, and neither are ads in Android apps pushing malware, but putting the two together can certainly be effective. This is naturally a practice that Windows users are all too familiar with."

    Ahh Slashdot! I guess Windows was mentioned in order to create a "me too" effect. That is, that Android is just like "any other" system; especially one that has been around for a while.

    To put it better: Nothing new, which saves Android, right?

  • I'm never really sure why one scam virus scam manages to raise itself above others. but here is a link to some Apple suffering the same problem http://en.wikipedia.org/wiki/Mac_Defender [wikipedia.org] "The program appears in malicious links spread by search engine optimization poisoning on sites such as Google Image Search. When a user accesses such a malicious link, a fake scanning window appears, originally in the style of a Windows XP application, but later in the form of an "Apple-type interface". The program falsely

    • I'm never really sure why one scam virus scam manages to raise itself above others.

      Because those things are well known in traditional computers, but less expected on mobile devices which are supposed to be more secure.

  • I am not familiar with Android. How does in-app advertising work? Does each app deal with its own mechanism? Or is there a pool of third party company ready to give away software bits for that? Or is there a system-wide API provided by Google?
    • Or is there a pool of third party company ready to give away software bits for that?

      Yes. As explained in Google's article [android.com], each Android ad network distributes its library as a JAR file to include in a project.

      Or is there a system-wide API provided by Google?

      AdMob, a Google company, is one of the Android ad networks.

  • by erroneus (253617) on Saturday April 20, 2013 @05:46AM (#43502527) Homepage

    Advertisers? Are you getting this?

    You should be teaming up right now putting together a trusted and guarded source with a built-in regulated system that says "we will not annoy the user." It should be trusted and verifiable. The content of ads should be reviewed for various things.

    Get your stuff organized and legitimized, advertisers, as I will stop blocking you.

    Also, I have never seen malware on my phones or tablets. I wonder why...

    • You should be teaming up right now putting together a trusted and guarded source

      Guarded by whom?

      with a built-in regulated system

      Regulated by whom?

      The content of ads should be reviewed for various things.

      Reviewed by whom?

      Look at all these constructions with passive participles. Your reliance on them leaves your proposal vague as to who is doing the guarding, regulating, and reviewing, when one of the big issues in mobile device security is who has the power to do the guarding, regulating, and reviewing.

    • by dehole (1577363)

      It is amazing to see how people can handle so many advertisements. I always block ads and scripts from running, simply because I can't trust the advertising networks. They have shown repeatedly that they are willing to push malware. I also install a hosts file which does a good job at blocking ads (I don't buy a platform that I can't install at least that).
