Beware of mobile scareware ads which say your phone has a virus

by: Gary SimsJanuary 23, 2014

Beware of fake antivirus scareware adsMalware writers and cyber-criminals are always finding new ways to try and get their malicious programs onto our devices and it looks like some devious group has managed to find a way to publish adverts which try to scare users into downloading an antivirus app which is in fact malware. Although scareware adverts for desktops have been around for quite a while, their appearance on mobile platforms is relatively new.

This week one of the Android Authority team saw one of these ads and was able to capture a couple of very useful screenshots. Thankfully he didn’t actually download and install the app as it would have infected his smartphone with malware!

What happens is that cyber crooks sign-up to run an advert campaign via one of the big ad platforms and they deliberately hack the ads to show a dialog that tries to scare the user into downloading an app because their phone has a virus. Ironically it is the fake virus warning that ultimately leads to the device being infected!

Ironically it is the fake virus warning that ultimately leads to the device being infected!

The fact that the hackers can alter the advert is a weakness in the ad platform itself and hopefully once the ad company spots these malicious ads it will close the security hole. This particular ad tries to get the user to download appmarket_2.0.2.apk which installs the Android/Hnd Adwo malware. According to AVG, reports about this particular malware have rocketed over the last week but are now in decline.

Android/Hnd Adwo displays unwanted advertisements as notifications and it requires the complete removal of the infected app to block the ads from being pushed. It is currently ranked 7 in the world for mobile, online and PC malware and has affected more than 10,000,000 users!

It is important that you don’t follow through on these ads and don’t download or install any .apk files. You should also notify the webmaster of the site where the ad appeared.

If you do want to run an antivirus app on your device make sure you checkout our recommendations and always download it from Google Play and not from an untrusted third-party site.

  • Jack1

    Yesterday I got the same ad on my Note3,and I avoid it…Its really tricky for unexperienced users. Montenegro,Europe

  • TrixzD

    I have had these a couple of times on my moto G and nexus 7 its really annoying but all you can do is avoid it by not falling for it. Its great that you have actually written up about it. I know alot of people who are still fooled by these things on tradional Pc’s and with all the android related malware stories you see nowadays alot of innocent people will believe these notices

  • TrixzD

    Oh and to add to my last comment I have even had one on my Moto g that goes along the lines of your samsung phone has multiple viruses lol Yes so much so that it has turned into a moto phone :P

  • fatspirit

    I’ve checked daughter’s phone – there were 9 malicious apks in download folder. But non-market installs are disabled, so we are safe for now (:

  • Jazz

    I remember last month my stock ICS browser automatically downloaded some .apk. I searched on google, turns out those come from ads. Surprisingly, it has been like that for last 3 months, and no action taken by ad network/company.

    • Jayfeather787

      Then get rid of it!!!!

  • Jaun Lombard

    Where does it save the file so that I can check if its on my phone?

    • MasterMuffin

      Download folder in internal SD card, unless you have downloaded a browser that downloads in its own folder

  • Mr james bunt

    Downloaded AVG antivirus mobile . The best anti virus i ever downloaded , it scan every single area inside your phone including sd card . It also scan web pages for trojan , malware and other viruses . This app scan either evey month once , every day or never , depending on your settings . This app does not have some kind of bar notification in the notification area and also it does not have icon on top of the status bar , very easy to use and managed . If you upgrade to pro (its my verion) you will unlock feature such as anti-theif camera . What it does it will take a photo of the theif using the front camera after they failed 3 times to unlock your phone , and sent it to your other phone that is with you via email or sms . The theif won’t even know that his/her picture was taken . -This only apply if you have lock your phone with a passcode , if not it won’t work , but AVG have another service which can allow you to remotely lock your phone from another phone or from the computer or by phone via sms . E.g. AVGlock follow by your personal password for the app itself -this app can be use to sign into AVG website to track your phone location via GPS when you are using the internet . All this summaries why AVG is excellent in protecting your phone but there’s a price to pay for the pro version – around $14.99 per year subscribtion or around $1.20 per month . User interface is very easy protects every thing , even scan for the file before you download(for apk file only) and scan the file that you download from play store or other certified services , very convincing . Everybody should download and try it today !

    • Mick Collingwood

      Waste of time and money.

  • MasterMuffin

    I hate these! I get these often in XDA and that’s not good because some people may believe it because it’s XDA

  • WestFiasco

    The one thing that pops up often for me is the mobogenie app market, I see it advertised in free apps with ads, some pages I go to with chrome it tries to get itself downloaded. It’s the most annoying thing I’ve come across so far for 2014.

    • Masaya Shida

      Yes always that especially in THIS site

  • Jayfeather787

    The Internet has some safe stuff, and definitely some not safe stuff. No anti-virus needed, just know what you are installing.

  • DonAngeles

    Is this like the mobogenie app? its keep on asking me if i want it everytime i go to a SPECIFIC website. and its really annoying!!! mobo is keep on shoving their app to users and they say that they’re number 1???

  • Mick Collingwood

    To be honest if someone is naïve enough to install one of these they shouldn’t have a smartphone.

    • Primalxconvoy

      Unless your device hasn’t got Google play, or the app that you want isn’t available in your country/on your device/at Google play.

      Something to think about while riding your high horse, isn’t it?

      • Mick Collingwood

        Your entitled to your opinion just as I’m entitled to mine.

        I did state “Don’t download something which is not from Google Play/Amazon unless you know 100% that the app is what it says it is and you’re sure it’s not a scam.”

        And checking of permissions when installing is still relevant no matter where it comes from.

        • Primalxconvoy

          People with devices that haven’t got Google play (in developing countries or for systems that haven’t met Google’s requirements) may not be so lucky. Perhaps you should have written your opinion with less haughtiness for those in a different position to you?

          • Mick Collingwood

            That’s the problem with written comments they don’t always portray what you want to convey correctly.

            I was only offering advice, I never meant to come across as haughty or all knowing. I realise not everyone can access Google Play etc.

          • Primalxconvoy

            Thank you. I understand your message now. My apologies for being defensive.

          • Mick Collingwood

            No need for apologies.

  • Roman Vasilev

    Haha, viruses, loool :D

  • honey

    i got this shit thing on my note8 minutes ago .. and im up to download it but change my mind !
    wondering what really it is so i decided to google it , which is good thing i found this post !
    thanks it is a big help .. and i already share it on my wall :)

  • j7981

    “The Virus may comput you date.” (From first screenshot)
    Do people really fall for that?

    • markus

      They Elderly or inexperienced may fall for it.

  • Primalxconvoy

    Personally, ANY popup apps that appear on any of my devices are ignored. If I see one that comes up regulary, I make a mental note and then will never download it (ie: candy crush).

    • NunoLava1998

      Candy Crush is not a malware or trojan. its a game. Also im getting this stupid ad in cookie collector 2 saying:

      “Your Android has (5) virus!)

  • mjfnd

    thanks for sharing, please tell me that how to remove it?
    and please note the following points:
    it appears in every phone even in windows.
    it appears for a specific site like footballnewsguru
    and it doesnt appear always.
    so how to remove it?

  • tinu

    this is why ladies and gentlemen android sucks

  • victor

    Only reliable anti virus app is by Lookout. All the others are crap. It caught 3 or 4 bugs in games from the Google Play Store. It warned me not to install. The fake warnings the pop up normaly happens when a site redirects your search ( annoying in its self, who want2 to be redirected ). Anywas I in the past turned off my search afraid that I was infected. Ran a deep scan ( takes like 5 minutes ) and nothing found.

  • Mugy

    i got that virus that keeps me redirecting to Help me how to remove this for god sake…

  • Wendy Dickson

    These are 2 more scareware screens shots that came across my phone while on facebook.

  • mackattack1991

    Those pop up adverts on smartphones, piss me off even more that computer pop ups do, because you can’t close them! Thankfully, I had Adblock Plus put a stop to that nonsense!

  • Allafacciatua

    I’ve find this type of pop-ups on my android, me too. For example “” or “”(don’t click on these URLs!!!) and if I try to skip them, they take me to porn websites or malwares like “” “” and “”. Please help!!!!

  • Maxiimus

    Hey guys i tried to open a page and it took me to one of those fake ads and it downloaded itself into my phone.I didnt open the .apk file or touched it i just went to downloads and i deleted it.Im kinda new to android and my question is ..just by deleting it on the downloads app am safe?i scanned my phone with 2 anti viruses.Im just worried about my personal stuff.Thanks

  • Jaspreet

    Guys i have problem with alarm control but i uninstal that malware with root but still there r 2 more virus in my device adob air and engrils i m unable to uninstall them with root it always says faild to uninstall…. Whenever i swich on my phone it shows that android is upgrading and that virus install 3 aps (360 security, and engriks) tell me plz what to do i disable them but sill thay r installing the apss when i swich on my phone