Beware of mobile scareware ads which say your phone has a virus

by: Gary SimsJanuary 23, 2014

Beware of fake antivirus scareware adsMalware writers and cyber-criminals are always finding new ways to try and get their malicious programs onto our devices and it looks like some devious group has managed to find a way to publish adverts which try to scare users into downloading an antivirus app which is in fact malware. Although scareware adverts for desktops have been around for quite a while, their appearance on mobile platforms is relatively new.

This week one of the Android Authority team saw one of these ads and was able to capture a couple of very useful screenshots. Thankfully he didn’t actually download and install the app as it would have infected his smartphone with malware!

What happens is that cyber crooks sign-up to run an advert campaign via one of the big ad platforms and they deliberately hack the ads to show a dialog that tries to scare the user into downloading an app because their phone has a virus. Ironically it is the fake virus warning that ultimately leads to the device being infected!

Ironically it is the fake virus warning that ultimately leads to the device being infected!

The fact that the hackers can alter the advert is a weakness in the ad platform itself and hopefully once the ad company spots these malicious ads it will close the security hole. This particular ad tries to get the user to download appmarket_2.0.2.apk which installs the Android/Hnd Adwo malware. According to AVG, reports about this particular malware have rocketed over the last week but are now in decline.

Android/Hnd Adwo displays unwanted advertisements as notifications and it requires the complete removal of the infected app to block the ads from being pushed. It is currently ranked 7 in the world for mobile, online and PC malware and has affected more than 10,000,000 users!

It is important that you don’t follow through on these ads and don’t download or install any .apk files. You should also notify the webmaster of the site where the ad appeared.

If you do want to run an antivirus app on your device make sure you checkout our recommendations and always download it from Google Play and not from an untrusted third-party site.

  • Jack1

    Yesterday I got the same ad on my Note3,and I avoid it…Its really tricky for unexperienced users. Montenegro,Europe

  • TrixzD

    I have had these a couple of times on my moto G and nexus 7 its really annoying but all you can do is avoid it by not falling for it. Its great that you have actually written up about it. I know alot of people who are still fooled by these things on tradional Pc’s and with all the android related malware stories you see nowadays alot of innocent people will believe these notices

  • TrixzD

    Oh and to add to my last comment I have even had one on my Moto g that goes along the lines of your samsung phone has multiple viruses lol Yes so much so that it has turned into a moto phone :P

  • fatspirit

    I’ve checked daughter’s phone – there were 9 malicious apks in download folder. But non-market installs are disabled, so we are safe for now (:

  • Jazz

    I remember last month my stock ICS browser automatically downloaded some .apk. I searched on google, turns out those come from ads. Surprisingly, it has been like that for last 3 months, and no action taken by ad network/company.

    • Jayfeather787

      Then get rid of it!!!!

  • Jaun Lombard

    Where does it save the file so that I can check if its on my phone?

    • MasterMuffin

      Download folder in internal SD card, unless you have downloaded a browser that downloads in its own folder

  • Mr james bunt

    Downloaded AVG antivirus mobile . The best anti virus i ever downloaded , it scan every single area inside your phone including sd card . It also scan web pages for trojan , malware and other viruses . This app scan either evey month once , every day or never , depending on your settings . This app does not have some kind of bar notification in the notification area and also it does not have icon on top of the status bar , very easy to use and managed . If you upgrade to pro (its my verion) you will unlock feature such as anti-theif camera . What it does it will take a photo of the theif using the front camera after they failed 3 times to unlock your phone , and sent it to your other phone that is with you via email or sms . The theif won’t even know that his/her picture was taken . -This only apply if you have lock your phone with a passcode , if not it won’t work , but AVG have another service which can allow you to remotely lock your phone from another phone or from the computer or by phone via sms . E.g. AVGlock follow by your personal password for the app itself -this app can be use to sign into AVG website to track your phone location via GPS when you are using the internet . All this summaries why AVG is excellent in protecting your phone but there’s a price to pay for the pro version – around $14.99 per year subscribtion or around $1.20 per month . User interface is very easy protects every thing , even scan for the file before you download(for apk file only) and scan the file that you download from play store or other certified services , very convincing . Everybody should download and try it today !

    • Mick Collingwood

      Waste of time and money.

  • MasterMuffin

    I hate these! I get these often in XDA and that’s not good because some people may believe it because it’s XDA

  • WestFiasco

    The one thing that pops up often for me is the mobogenie app market, I see it advertised in free apps with ads, some pages I go to with chrome it tries to get itself downloaded. It’s the most annoying thing I’ve come across so far for 2014.

    • Masaya Shida

      Yes always that especially in THIS site

  • Jayfeather787

    The Internet has some safe stuff, and definitely some not safe stuff. No anti-virus needed, just know what you are installing.

  • DonAngeles

    Is this like the mobogenie app? its keep on asking me if i want it everytime i go to a SPECIFIC website. and its really annoying!!! mobo is keep on shoving their app to users and they say that they’re number 1???

  • Mick Collingwood

    To be honest if someone is naïve enough to install one of these they shouldn’t have a smartphone.

    • Primalxconvoy

      Unless your device hasn’t got Google play, or the app that you want isn’t available in your country/on your device/at Google play.

      Something to think about while riding your high horse, isn’t it?

      • Mick Collingwood

        Your entitled to your opinion just as I’m entitled to mine.

        I did state “Don’t download something which is not from Google Play/Amazon unless you know 100% that the app is what it says it is and you’re sure it’s not a scam.”

        And checking of permissions when installing is still relevant no matter where it comes from.

        • Primalxconvoy

          People with devices that haven’t got Google play (in developing countries or for systems that haven’t met Google’s requirements) may not be so lucky. Perhaps you should have written your opinion with less haughtiness for those in a different position to you?

          • Mick Collingwood

            That’s the problem with written comments they don’t always portray what you want to convey correctly.

            I was only offering advice, I never meant to come across as haughty or all knowing. I realise not everyone can access Google Play etc.

          • Primalxconvoy

            Thank you. I understand your message now. My apologies for being defensive.

          • Mick Collingwood

            No need for apologies.

  • Roman Vasilev

    Haha, viruses, loool :D

  • honey

    i got this shit thing on my note8 minutes ago .. and im up to download it but change my mind !
    wondering what really it is so i decided to google it , which is good thing i found this post !
    thanks it is a big help .. and i already share it on my wall :)

  • j7981

    “The Virus may comput you date.” (From first screenshot)
    Do people really fall for that?

    • markus

      They Elderly or inexperienced may fall for it.

  • Primalxconvoy

    Personally, ANY popup apps that appear on any of my devices are ignored. If I see one that comes up regulary, I make a mental note and then will never download it (ie: candy crush).

    • NunoLava1998

      Candy Crush is not a malware or trojan. its a game. Also im getting this stupid ad in cookie collector 2 saying:

      “Your Android has (5) virus!)

  • mjfnd

    thanks for sharing, please tell me that how to remove it?
    and please note the following points:
    it appears in every phone even in windows.
    it appears for a specific site like footballnewsguru
    and it doesnt appear always.
    so how to remove it?

    • ChooChoo

      Let me explain.

      These so-called scareware are actually advertisement. They paid the website owner to display the ad. To remove it, you can’t because the website owner are the one who can remove the advertisement. Sadly, advertisement is the only way for the website to earn money. Other than that, consider paying premium subscription to that website

  • tinu

    this is why ladies and gentlemen android sucks

  • victor

    Only reliable anti virus app is by Lookout. All the others are crap. It caught 3 or 4 bugs in games from the Google Play Store. It warned me not to install. The fake warnings the pop up normaly happens when a site redirects your search ( annoying in its self, who want2 to be redirected ). Anywas I in the past turned off my search afraid that I was infected. Ran a deep scan ( takes like 5 minutes ) and nothing found.

  • Mugy

    i got that virus that keeps me redirecting to Help me how to remove this for god sake…

  • Wendy Dickson

    These are 2 more scareware screens shots that came across my phone while on facebook.

  • mackattack1991

    Those pop up adverts on smartphones, piss me off even more that computer pop ups do, because you can’t close them! Thankfully, I had Adblock Plus put a stop to that nonsense!

  • Allafacciatua

    I’ve find this type of pop-ups on my android, me too. For example “” or “”(don’t click on these URLs!!!) and if I try to skip them, they take me to porn websites or malwares like “” “” and “”. Please help!!!!

  • Maxiimus

    Hey guys i tried to open a page and it took me to one of those fake ads and it downloaded itself into my phone.I didnt open the .apk file or touched it i just went to downloads and i deleted it.Im kinda new to android and my question is ..just by deleting it on the downloads app am safe?i scanned my phone with 2 anti viruses.Im just worried about my personal stuff.Thanks

  • Jaspreet

    Guys i have problem with alarm control but i uninstal that malware with root but still there r 2 more virus in my device adob air and engrils i m unable to uninstall them with root it always says faild to uninstall…. Whenever i swich on my phone it shows that android is upgrading and that virus install 3 aps (360 security, and engriks) tell me plz what to do i disable them but sill thay r installing the apss when i swich on my phone

    • ChooChoo

      this is the problem with inexperienced users with root access..

      Now, to ‘disable them’ you need to know what ‘they’ are. Next, uninstall.
      I doubt that you know what ‘they’ are. In this case, no one online would be able to identify your problem unless they have paranormal powers..

      My suggestion is to factory reset from recovery.

  • LuAnn Marie Thomas Glass

    I just had a whole slew of notices, warnings and updates come in this afternoon. Some saying they’re GOOGLE and others virus, lose data, damaged phone stuff. I have screen shots of all of them. All came in within an hour. Come back.

    • Mayank Shivhare

      i am having same issue .. any resolution till now ?

  • Ray Warren

    What happens if I downloaded go security antivirus applock

  • I get this message all the time.

    The first time I panicked(didn’t follow the instructions, but panicked all the same). Seeing the google logo makes it seem more convincing, but their mistake is not having a google web address.

  • TheKirbyFan128

    I didn’t have time to read this whole thing so I didn’t and just want to ask this.

    There was a pop-up that was similar to this but we swyped out of it. It made the whole screen black and it had a warning and a button at the bottom that said I have 3 viruses. In the center of the page was a graphic of the recognizable green Android character. It was fairly large and the button asked if I wanted to get rid of the viruses. I freaked out and swiped out of my tab on Google Chrome and got out of Google Chrome entirely. What I want to know is if this will give me a virus even though I didn’t press the button or if this warning was actually legit.

    Thank you.

    • Bob

      It will not give you a virus 😀

      • TheKirbyFan128

        I figured that out soon after posting. Thanks anyway, it always helps to get more confirmation.

        I checked my phone’s pre-downloaded antivirus software and it said the phone was secure also.

  • Margaret

    I was reading an article and accidentally clicked a jewelry ad. There was a Google pop up page stating I had 13 viruses due to pornography and directed me to psafe Antivirus app. It said no viruses found. Nortons let me know the app was safe, so I downloaded it. I’ve had issues before with every Antivirus app stating there were no viruses, when in fact there was. I went through my files and there is nothing suspicious or out of the ordinary. This happens to me all the time and I just performed a factory reset a week ago because of similar situation that caused 4 Trojan viruses and all of my apps crashed when I touched the screen. Of course nortons didn’t detect any of them and I even have nortons safe search Internet browser. How do I stop this and protect my identity if none of the Antivirus apps actually work?

    • ChooChoo

      unlike in pc, andorid antivirus lack administrative privilege. Therefore, it wouldn’t be able to track many things and wouldn’t do much.. What it does is mostly scan apps and apk files; check their package name with database. If known bad package name is a match, AV then proceeds to uninstall..

  • Luis Marin