Android Users Get Scammed With In-App Antivirus Ads
An anonymous reader writes "A new malware scheme has been discovered that pushes fake antivirus software to Android users via in-app advertising. Once installed, the trojan informs the victims they need to pay up to remove threats on their device. The malware in question, detected as "Android.Fakealert.4.origin" by Russian security firm Doctor Web, has been around since at least October 2012 according to the company. While Android malware that masks itself as an antivirus for Google's platform is nothing new, and neither are ads in Android apps pushing malware, but putting the two together can certainly be effective. This is naturally a practice that Windows users are all too familiar with."
I will never understand why phishing and malware attempts always have some weird tell that they're not legit. Whether it's some bizarre choice of words in the midst of an otherwise fairly legit looking piece of email or Cyrillic text in the middle of an otherwise semi-legit looking app there's always a tell.
It's as if the authors are carefully trying to prey only on the truly stupid.
Reminds me of a popup I used to see. Always liked telling me that I had 3786 problems with my Windows registry. I'm running Linux... I'm sure that the first of those 'problems' is that I don't have a Windows registry. XD
There are three kinds of people in the world. Those that can count, and those that can't.
It's a lot easier to uninstall fake antivirus on Android than on Windows. Last time, removal took two steps: 1. remove it from the list of device administrators, and 2. uninstall the application from the device.
Are other mobile platforms any less prone to deceptive in-app advertising?
I'm running Linux... I'm sure that the first of those 'problems' is that I don't have a Windows registry. XD
If your PC runs a distribution descended from Debian, you too can get your very own Windows registry:
But I see your point. As long as you're using an X11 based browser, as opposed to browsing the web in a copy of Wine Firefox that you ended up keeping open after you were done watching Netflix, there's no way a pop-up ad could possibly see your Windows registry.
"Please run this random program you got from somewhere because we asked you to".
Then something bad happens.
What's Android platform specific about this?
It's as if the authors are carefully trying to prey only on the truly stupid.
Given how advance fee fraud works, that's probably right.
What's Android platform specific about this?
Mobile platforms other than Android put substantial barriers in the way of being able to "run this random program you got from somewhere". Windows Phone 7 and iOS, for example, don't really have a counterpart to the "Unknown sources" checkbox of Android, and they charge $99 per year for "provisioning", which allows the user to load applications through the equivalent of adb install.
Cmon, do you really think this is news?
It's as if the authors are carefully trying to prey only on the truly stupid.
Given how advance fee fraud works, that's probably right.
I had a phishing attempt recently that really looked like it was from the IRS, down to the logos and all. I know the IRS and banks don't send unsolicited emails out; the real clincher was that the reply address ended in ".irt". So, it got forwarded to abuse@irs.gov, same thing I do with bank phishing attempts. The only bad thing is I'll never know if I helped catch a phisher.
That's a slightly different scenario though. In this case they don't have to weed out responders to save time. For most click here, enter data here type phishing attempts it's a one time interaction. If you're dumb enough to take the first step there's no second step to save you.
I guess I shouldn't have written 'I will never understand' but I certainly don't at the moment. I'll admit it's so pervasive there may be a reason but they're usually fairly subtle errors, whereas the Nigerian scammers are fairly blatant. It's like spoofed web sites that are a 95% match to the original. Why not go ahead and make it 100%?
It makes me wonder if it's a legal issue, i.e. they know that if they leave the credit cards and banks an out for claiming it was the user's fault for not realizing it was a scam then the legal world will be more inclined to ignore them.
While Android malware that masks itself as an antivirus for Google's platform is nothing new, and neither are ads in Android apps pushing malware, but putting the two together can certainly be effective. This is naturally a practice that Windows users are all too familiar with."
Ahh Slashdot! I guess Windows was mentioned in order to create a "me too" effect. That is, that Android is just like "any other" system; especially one that has been around for a while.
To put it better: Nothing new, which saves Android, right?
I'm never really sure why one scam virus scam manages to raise itself above others, but here is a link to some Apple suffering the same problem http://en.wikipedia.org/wiki/Mac_Defender "The program appears in malicious links spread by search engine optimization poisoning on sites such as Google Image Search. When a user accesses such a malicious link, a fake scanning window appears, originally in the style of a Windows XP application, but later in the form of an "Apple-type interface". The program falsely appears to scan the system's hard drive. The user is then prompted to download a file that installs Mac Defender, and is then asked to pay US$59.95 to US$79.95 for a license for the software."
What really matters is how quickly the OS is cleaned up. In the case of Apple it took a month: "The Mac security firm Intego discovered the fake antivirus software on May 2, 2011, with a patch not being provided by Apple until May 31"
Although it is worth pointing out all those poor computer experts (sic) that blame users on the lie that it must be porn or copyright programs that caused the damage when most of the time it's simply lack of understanding of a single science.
I am not familiar with Android. How does in-app advertising work? Does each app deal with its own mechanism? Or is there a pool of third party company ready to give away software bits for that? Or is there a system-wide API provided by Google?
Or is there a pool of third party company ready to give away software bits for that?
Yes. As explained in Google's article, each Android ad network distributes its library as a JAR file to include in a project.
Or is there a system-wide API provided by Google?
AdMob, a Google company, is one of the Android ad networks.
Android users got scammed enough when they bought a fucking Android device.
This kind of stuff has been going on for years. First it was fake battery apps, now it's fake antiviruses. Meh.
Fair questions, but how would you have designed it?
I'd handle SD card access like this: When an app is installed, it can read and write only its own folder. When an app wants to open any other file, or all files in a given folder, it asks the system to display a file chooser to the user, and then that app gets authorized to open that file. Both OLPC Bitfrost and the Mac App Store sandbox use variants of this pattern. Likewise with the Internet permission. I'd add an additional "User-chosen Internet sites" permission that can access only the domains specified in the application's manifest and the hostname of any URL that the user chooses to "share" with the application.
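A minimal sketch of the "User-chosen Internet sites" check proposed in the comment above, as an added example that is not part of the original thread and not any platform's real API. The names `SitePolicy`, `share_url` and `allows` are hypothetical, and it assumes manifest domains also cover their subdomains while shared URLs grant only their exact hostname.

```python
from urllib.parse import urlsplit


def _host(url):
    """Return the normalized hostname of url, or None if it has none."""
    try:
        host = urlsplit(url).hostname  # drops userinfo and port, lowercases
    except ValueError:  # e.g. malformed IPv6 literal
        return None
    return host.rstrip(".") if host else None


class SitePolicy:
    """Hypothetical per-app policy: manifest domains plus user-shared hosts."""

    def __init__(self, manifest_domains):
        self.manifest = {d.strip().rstrip(".").lower() for d in manifest_domains}
        self.shared = set()

    def share_url(self, url):
        """Called when the user explicitly shares a link with the app."""
        host = _host(url)
        if host is None:
            raise ValueError("shared URL has no hostname")
        self.shared.add(host)

    def allows(self, url):
        """Decide whether the app may connect to the host named in url."""
        host = _host(url)
        if host is None:
            return False
        if host in self.shared:  # assumption: exact host only
            return True
        # Assumption: a manifest domain covers itself and its subdomains.
        # Match on a label boundary so "evilads.example.net" never matches.
        return any(host == d or host.endswith("." + d) for d in self.manifest)


# Constructed sample data (not from the thread).
policy = SitePolicy(["ads.example.net"])
policy.share_url("http://example.com/page?id=1")
```

Comparing parsed hostnames on a label boundary, rather than substring-matching the raw URL, is what keeps look-alike hosts and `user@host` URLs from slipping through the allowlist.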
Android users got scammed enough when they bought a fucking Android device.
It might seem like a scam, but you really do get great value smart phones at realistic prices (and choice). It achieves this by using a free open source OS, and providing a healthy ecosystem of manufacturers. It's why 1.5 Million devices are sold daily http://www.engadget.com/2013/04/16/liveblog-google-eric-schmidt-at-dive-into-mobile-2013/ "320 operators, 160 countries, 700,000 apps in the Play Store, and 1.5 million sales / activations of Android every single day. We'll cross a billion towards the end of this year. That gives you a sense of the reach. Android is the primary vehicle of smartphones -- we'll quickly get to the $100 price point, which is the key for those next five billion people looking to get connected."
It's incredible I know. It's why you can get phones like the Samsung's Galaxy S4 which has become the Android phone to wait for. The phone has a slew of new features, including an improved 13-megapixel camera, new software features and it responds to waves and gestures. It also has a 5-inch Super AMOLED 1080p screen.
is that while in desktop GNU/Linux a firewall is designed to keep the nasties out, in Android a firewall like Droidwall is designed to keep the nasties in, i.e. prevent them from phoning home.
For those who want to be anal pedantic I know the "backend" in both Android and GNU/Linux is pretty much the same iptables that can be configured to keep out/in both external and internal threats. However, I was quite surprised when I first learned what Android firewall apps, which typically require root-level access to do their trick, were designed to do, to protect users against apps that abuse their network access privileges.
Android is better than iOS because it's open. Android is better than iOS because it has more malware.
Do bears shit in the woods?
Leave it to Google to use linux and make it the most unsecure OS on the planet. How the hell do you mess that up?
I'm never really sure why one scam virus scam manages to raise itself above others.
Because those things are well known in traditional computers, but less expected on mobile devices which are supposed to be more secure.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The phone has a slew of new features, including an improved 13-megapixel camera
More megapixels is not an improvement.
new software features and it responds to waves and gestures.
Not well according to reviews. Who is going to use them if they don't work reliably? It's the ultimate gimmick to say you can control something literally right in your hand with a wave. It requires more effort to wave than to drag a finger across the screen!
The "Pause video when eyes lose contact with screen" is the biggest software feature miss in history, with approximately 99% of viewers thinking the phone is broken when this happens and most just wanting a video to keep playing regardless of where the eyes go. It totally ignores how actual humans behave when out in the wild with mobile devices.
It also has a 5-inch Super AMOLED 1080p screen
Great, a giant screen with incredibly poor color reproduction.
The last fun fact about the S4 is that buying one shows support for misogyny.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Advertisers? Are you getting this?
You should be teaming up right now putting together a trusted and guarded source with a built-in regulated system that says "we will not annoy the user." It should be trusted and verifiable. The content of ads should be reviewed for various things.
Get your stuff organized and legitimized, advertisers, as I will stop blocking you.
Also, I have never seen malware on my phones or tablets. I wonder why...
And the number of acronyms and specialized vocabulary you've used means you'd have lost 90% of the user base by doing that.
alostpacket asked: "how would you have designed it?" How to design a system and how to explain its behavior to computer novices are two different things. I am aware that trying to explain a system to a novice user and to a programmer using the same wording is unwise.
File Chooser: When an application wants to work with one of the documents, photos, or other files stored on your device, the device asks you to choose a file. Only the file you choose will be made available to the application. Sometimes, an application will ask you to choose a folder, or a collection of files on your device. All files in this folder will be made available to the application. The file chooser explains whether or not the application wants to change the contents of the file or folder, such as to save your work. Remember not to choose any file with private information in an application that you do not trust.
Limited Internet: This application can connect to a small set of sites on the Internet that were chosen by the application's developer. Some applications are designed to view information from a specific site on the Internet. Other applications connect to a sponsor's site to display advertisements to fund continued development of the application. Remember not to enter private information into an application that you do not trust.
Share URL Intent: You can choose to share a link to an Internet resource, such as a web page, from another application. (Sometimes a link is called a "URL".) The device asks you to choose an application with which to share the link. The application you choose can connect to the site that the link is on. For example, if you share a link to a page on example.com, Internet connections to example.com will be made available to this application. Remember not to share links with an application that you do not trust.
People think of phones and computers as appliances.
Do people expect to be able to install applications in their refrigerators? Do people enter private information into their ovens? A computer is an appliance in the same way that a vehicle is an appliance: it is possible to do things with it that are dangerous to the operator or to others.
Wine and Mono are proof of the existence of the idiot savant. They brilliantly do these things, and don't know why they shouldn't.
Then please help me become no longer an idiot. Please explain why one shouldn't. Are you claiming that it is unwise to allow users of a minority computing platform to run applications that were developed for the majority computing platform? If so, please explain at which point the unwisdom enters the claim.
and no I don't want to pay testing houses 500 dollars for a release that the fucks don't even check if it does anything bad(the symbian way)
Then the established development companies that are willing to pay their dues will out-compete you.
Shilling for software distributed under a free software license is more generally accepted on Slashdot than shilling for non-free software. Apart from a few applications available only to OHA licensees, such as Google Play Store, Android is free software. It consists of Linux, which is distributed under the GNU GPL, and AOSP, which is distributed under the Apache License.
You should be teaming up right now putting together a trusted and guarded source
Guarded by whom?
with a built-in regulated system
Regulated by whom?
The content of ads should be reviewed for various things.
Reviewed by whom?
Look at all these constructions with passive participles. Your reliance on them leaves your proposal vague as to who is doing the guarding, regulating, and reviewing, when one of the big issues in mobile device security is who has the power to do the guarding, regulating, and reviewing.
Get off your collective high-horses. None of you are typical users, and they will often believe whatever the device says; why would they even question it? If you are making an OS for people who do not know about these things then it is your job to protect them.
The rest are happily installing crap on your system with your blessings.
It really PISSES ME OFF that nobody can figure out how to fix this. Fucking malware guys should be stripped, dipped in glue, and rolled in fire ants. For the first offense. What a bunch of assholes.
Go to Heaven for the climate, Hell for the company -- Mark Twain