Slashdot Mirror


Android Users Get Scammed With In-App Antivirus Ads

An anonymous reader writes "A new malware scheme has been discovered that pushes fake antivirus software to Android users via in-app advertising. Once installed, the trojan informs the victims they need to pay up to remove threats on their device. The malware in question, detected as 'Android.Fakealert.4.origin' by Russian security firm Doctor Web, has been around since at least October 2012 according to the company. While Android malware that masks itself as an antivirus for Google's platform is nothing new, and neither are ads in Android apps pushing malware, putting the two together can certainly be effective. This is naturally a practice that Windows users are all too familiar with."


  1. Always give them a chance by belthize · · Score: 4, Interesting

    I will never understand why phishing and malware attempts always have some weird tell that they're not legit. Whether it's some bizarre choice of words in the midst of an otherwise fairly legit looking piece of email or Cyrillic text in the middle of an otherwise semi-legit looking app there's always a tell.

    It's as if the authors are carefully trying to prey only on the truly stupid.

    1. Re:Always give them a chance by alostpacket · · Score: 3, Interesting

      You know, I got that same feeling when the article said this was from "Russian security firm Doctor Web" and the malware dates back to October 2012.

      They may be legit, but I did a double take on the name and country of the company, as well as the date.

      Looks like it comes from TFA, which is next to useless for actual helpful information. No mention of what ad networks, or what apps these were found in. They even blur the website name of where they encountered an ad. The Next Web article seems to be copy-pasta from the AV 'article' (probably better described as a press release). I clicked around their site and their links are broken and redirect to a scary 404 page that gives me instructions on how to recover Windows. Pot, kettle, anyone?

      But sure enough, they sell Android antivirus software.

      (Full disclosure: I sell an app meant to teach new users about Android permissions, but also give the text of the guide away -- still, take what I say with a grain of salt, like anyone else).

      --
      PocketPermissions Android Permission Guide
    2. Re:Always give them a chance by AmiMoJo · · Score: 2

      The most obvious give-away is when it says "you must enable installing from untrusted sources", aka side-loading, to use the .apk file that just downloaded. For some not at all suspicious reason it isn't on Play. Ignore the warnings you see about not trusting unknown applications/companies. Just keep clicking "yes".

      People who fall for this are too dumb to use a smartphone. They are on a par with people who drive over cliffs or off bridges because their sat-nav told them to. If you don't make the slightest effort to understand the messages you are being shown on screen or to do anything other than what you are told then, well... Don't blame the OS.

      Actually, if you are one of those people, please go jump off a bridge right now. Ignore the danger signs and "no swimming" notice, it's perfectly safe, honest.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Uninstallation last time by tepples · · Score: 3, Informative

    It's a lot easier to uninstall fake antivirus on Android than on Windows. Last time, removal took two steps: 1. remove it from the list of device administrators, and 2. uninstall the application from the device.

    Are other mobile platforms any less prone to deceptive in-app advertising?

    1. Re:Uninstallation last time by ozmanjusri · · Score: 2

      Is there really a technical reason why it's not possible for them to dig in deeper into an android device assuming the user gives permission (as per the article)?

      Yes.

      In addition to the standard Linux security model, Android has an Application Sandbox which assigns a unique user ID (UID) to each app when it is run. The apps run as that UID, and can only interact with other apps through secure inter-app process communications.

      http://source.android.com/tech/security/

      --
      "I've got more toys than Teruhisa Kitahara."
  3. No "Unknown sources" and pay to "adb install" by tepples · · Score: 4, Interesting

    What's Android platform specific about this?

    Mobile platforms other than Android put substantial barriers in the way of being able to "run this random program you got from somewhere". Windows Phone 7 and iOS, for example, don't really have a counterpart to the "Unknown sources" checkbox of Android, and they charge $99 per year for "provisioning", which allows the user to load applications through the equivalent of adb install.

  4. AdMob among others by tepples · · Score: 2

    Or is there a pool of third-party companies ready to give away software bits for that?

    Yes. As explained in Google's article, each Android ad network distributes its library as a JAR file to include in a project.

    Or is there a system-wide API provided by Google?

    AdMob, a Google company, is one of the Android ad networks.

  5. Secure file chooser dialog by tepples · · Score: 2

    Fair questions, but how would you have designed it?

    I'd handle SD card access like this: When an app is installed, it can read and write only its own folder. When an app wants to open any other file, or all files in a given folder, it asks the system to display a file chooser to the user, and then that app gets authorized to open that file. Both OLPC Bitfrost and the Mac App Store sandbox use variants of this pattern. Likewise with the Internet permission. I'd add an additional "User-chosen Internet sites" permission that can access only the domains specified in the application's manifest and the hostname of any URL that the user chooses to "share" with the application.
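An added example, not part of tepples's comment and not an Android API: a toy Python model of the access policy proposed above, in which a system broker grants an app its own folder, any file or folder the user picks in a chooser, the hosts in its manifest, and the host of any URL the user shares with it. The `Broker` class, its method names, the `/sdcard/apps/<app id>` layout and exact-hostname matching are assumptions made for illustration.

```python
import posixpath
from pathlib import PurePosixPath
from urllib.parse import urlsplit

def _norm(path):
    # Collapse "." and ".." lexically so traversal cannot escape a granted folder.
    return PurePosixPath(posixpath.normpath(path))

class Broker:
    """Hypothetical system-side mediator; the app never opens files or sockets itself."""
    def __init__(self, app_id, manifest_hosts, sd_root="/sdcard"):
        # Assumed layout: each app owns <sd_root>/apps/<app_id> from install time.
        self.path_grants = {PurePosixPath(sd_root, "apps", app_id)}
        self.host_grants = {h.lower() for h in manifest_hosts}

    def user_picks(self, path):
        # Called only by the system file chooser after the user selects a file or folder.
        self.path_grants.add(_norm(path))

    def user_shares_url(self, url):
        # Called only by the system "share" UI; grants that URL's hostname.
        host = urlsplit(url).hostname
        if host:
            self.host_grants.add(host)

    def can_open(self, path):
        p = _norm(path)
        if not p.is_absolute():
            return False  # fail closed on relative paths
        return any(p == g or g in p.parents for g in self.path_grants)

    def can_connect(self, url):
        # Exact hostname match (an assumption); subdomains are not implied.
        host = urlsplit(url).hostname
        return host is not None and host in self.host_grants

def demo():
    # Constructed scenario: a notes app whose manifest lists one host.
    b = Broker("com.example.notes", ["api.example.com"])
    before = (b.can_open("/sdcard/apps/com.example.notes/db.sqlite"),
              b.can_open("/sdcard/apps/com.example.notes/../com.example.bank/token"),
              b.can_open("/sdcard/DCIM/photo.jpg"),
              b.can_connect("https://tracker.example.net/beacon"))
    b.user_picks("/sdcard/DCIM/photo.jpg")
    b.user_shares_url("https://blog.example.org/post/1")
    after = (b.can_open("/sdcard/DCIM/photo.jpg"),
             b.can_open("/sdcard/DCIM/other.jpg"),
             b.can_connect("https://blog.example.org/feed"),
             b.can_connect("https://api.example.com/v1/sync"))
    return before, after
```

The grant is made by the chooser or share UI, not by the app, so an app that taps through no dialog gains nothing beyond its own folder and manifest hosts.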

    1. Re:Secure file chooser dialog by Nemyst · · Score: 2

      And the number of acronyms and specialized vocabulary you've used means you'd have lost 90% of the user base by doing that. People think of phones and computers as appliances. The last thing they want is having to understand what a folder structure is, or what a URL is. They'd just click/tap until all the scary popups are gone.

      If you think I'm exaggerating, most non-tech people I know never use the URL bar on their computer: they go to their homepage, usually Google, and type in the site's name there. Even after years and years of using the site.

  6. Ad blocking == security measure by erroneus · · Score: 2

    Advertisers? Are you getting this?

    You should be teaming up right now putting together a trusted and guarded source with a built-in regulated system that says "we will not annoy the user." It should be trusted and verifiable. The content of ads should be reviewed for various things.

    Get your stuff organized and legitimized, advertisers, as I will stop blocking you.

    Also, I have never seen malware on my phones or tablets. I wonder why...

  7. Re:Malware by BasilBrush · · Score: 4, Insightful

    "Please run this random program you got from somewhere because we asked you to".
    Then something bad happens.
    What's Android platform specific about this?

    Well it doesn't happen on iOS.

  8. Please help me become no longer an idiot by tepples · · Score: 2

    Wine and Mono are proof of the existence of the idiot savant. They brilliantly do these things, and don't know why they shouldn't.

    Then please help me become no longer an idiot. Please explain why one shouldn't. Are you claiming that it is unwise to allow users of a minority computing platform to run applications that were developed for the majority computing platform? If so, please explain at which point the unwisdom enters the claim.

  9. Re:Malware by BasilBrush · · Score: 2

    I can't download it because it was only on the AppStore for a few hours before it was removed, and he as a rogue developer was banned. Which is a pretty good demonstration of why it's better than Android's system. With Android, all the malware that was ever created is still out there, still trapping the unwary.