Android Users Get Scammed With In-App Antivirus Ads

An anonymous reader writes "A new malware scheme has been discovered that pushes fake antivirus software to Android users via in-app advertising. Once installed, the trojan informs the victims they need to pay up to remove threats on their device. The malware in question, detected as "Android.Fakealert.4.origin" by Russian security firm Doctor Web, has been around since at least October 2012 according to the company. While Android malware that masks itself as an antivirus for Google's platform is nothing new, and neither are ads in Android apps pushing malware, but putting the two together can certainly be effective. This is naturally a practice that Windows users are all too familiar with."

Always give them a chance

[belthize]

I will never understand why phishing and malware attempts always have some weird tell that they're not legit. Whether it's some bizarre choice of words in the midst of an otherwise fairly legit looking piece of email or Cyrillic text in the middle of an otherwise semi-legit looking app there's always a tell.

It's as if the authors are carefully trying to prey only on the truly stupid.

No "Unknown sources" and pay to "adb install"

[tepples]

What's Android platform specific about this?

Mobile platforms other than Android put substantial barriers in the way of being able to "run this random program you got from somewhere". Windows Phone 7 and iOS, for example, don't really have a counterpart to the "Unknown sources" checkbox of Android, and they charge $99 per year for "provisioning", which allows the user to load applications through the equivalent of adb install.

Re:Malware

[BasilBrush]

"Please run this random program you got from somewhere because we asked you to".
Then something bad happens.
What's Android platform specific about this?

Well it doesn't happen on iOS.