Malware writers and cyber-criminals are always finding new ways to try and get their malicious programs onto our devices and it looks like some devious group has managed to find a way to publish adverts which try to scare users into downloading an antivirus app which is in fact malware. Although scareware adverts for desktops have been around for quite a while, their appearance on mobile platforms is relatively new.
This week one of the Android Authority team saw one of these ads and was able to capture a couple of very useful screenshots. Thankfully he didn’t actually download and install the app as it would have infected his smartphone with malware!
What happens is that cyber crooks sign-up to run an advert campaign via one of the big ad platforms and they deliberately hack the ads to show a dialog that tries to scare the user into downloading an app because their phone has a virus. Ironically it is the fake virus warning that ultimately leads to the device being infected!
The fact that the hackers can alter the advert is a weakness in the ad platform itself and hopefully once the ad company spots these malicious ads it will close the security hole. This particular ad tries to get the user to download appmarket_2.0.2.apk which installs the Android/Hnd Adwo malware. According to AVG, reports about this particular malware have rocketed over the last week but are now in decline.
Ironically it is the fake virus warning that ultimately leads to the device being infected!
Android/Hnd Adwo displays unwanted advertisements as notifications and it requires the complete removal of the infected app to block the ads from being pushed. It is currently ranked 7 in the world for mobile, online and PC malware and has affected more than 10,000,000 users!
It is important that you don’t follow through on these ads and don’t download or install any .apk files. You should also notify the webmaster of the site where the ad appeared.
If you do want to run an antivirus app on your device make sure you checkout our recommendations and always download it from Google Play and not from an untrusted third-party site.