Upon downloading an innocent-looking application from APK Mania, an Android app distribution website, mobile users are scared into downloading an app for MoboMarket, an alternative app store.
It all starts with a banner that notifies users their mobile device is infected more than 100,000 viruses and recommends them to install a dedicated Android antivirus.
The disinfection kit is no antivirus for mobiles but an APK of MoboMarket -“ an application for a third-party Android market that distributes among others apps and games that haven’t passed the screening process of the official Android Play Store. Using a well-documented user profile, MoboMarket will push targeted apps and ads to its users.
In case the user’s device is set not to run updates outside the official Android market, the app configuration window will prompt users to enable the feature that allows installation of non-market applications.
APK Mania is a dubious website that offers a wide-ranging collection of Android cracked applications, popular games, wallpapers, free versions of paid original ones hosted on the official Google Play Store.
The flashy webpage is packed full with pop-up commercials, quizzes and misleading customer surveys. All these pretend to offer substantial prizes to users who share their feedback and customer experience in surveys that invariably subscribe users to premium-rate service offering a weekly game of general knowledge. This service will add an extra $12 plus taxes a month to the user’s phone bill.
A similar scareware-type attack was also deployed from some legitimate apps on Google Play, where a well-known advertising service overlooked a malicious banner that scared people into thinking their devices were infected. Under the pretext of getting a disinfection tool, the scam was subscribing people to an expensive wallpaper service.
If you have no security software on your device, there should be no pop-up message informing you about infections. If you are using a dedicated antivirus for your Android terminal, rest assured that no legitimate application will ask for extra money to block or remove malware from your system.
If this scenario happens to you:
- Immediately leave the website that signaled the infections
- to avoid downloading unsafe apps from third party markets by mistake, check the configuration of your handset by going to SETTINGS, SECURITY and making sure the UNKNOWN SOURCES is NOT checked
- use a dedicated security tool for mobile terminals running Google’s Android operating system, such as Bitdefender Mobile Security
- Bitdefender also recommends Clueful for Android, a free app that offers an expert opinion on how apps treat your privacy once you install them on your handset.
This article is based on the technical information provided courtesy of Octavian MINEA, Bitdefender Virus Analyst.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.