April 17, 2013

Russian anti-virus company Doctor Web is warning users about a new fraud scheme. It involves various Android programs displaying advertisements that prompt users to scan their mobile devices for viruses and then lure them into downloading a fake anti-virus for Android. The bogus anti-virus is really a Trojan belonging to the Android.Fakealert family.

Ads displayed by Android applications have long been exploited by criminals to spread malware. Being an effective and relatively inexpensive means to reach a wide audience, advertisements are often used in schemes. Ads found by Doctor Web's analysts this time offer Android users virus scans. If users accept the offer, they are redirected to a website from which they can download an "anti-virus" which, in fact, is the malicious program Android.Fakealert.4.origin.

Analysts have been aware of Trojans of the family Android.Fakealert since October 2012. These programs pose as fully functional anti-viruses and pretend to detect threats. To get rid of malware that has supposedly been found, the user must pay a certain amount. Users of PCs know this scheme well.

Once Android.Fakealert.4.origin is installed and launched, it notifies the user that a threat has been detected, but, as to be expected, the user has to buy a full version of the program to neutralize it.

In addition to displaying infection alerts in its main menu, Android.Fakealert.4.origin can also display corresponding messages in the notification panel.

Doctor Web urges Android users to be more sceptical about various ads displayed by applications and to use reliable anti-virus software, when necessary.