Yahoo Ads Serve Mobile Fake Alerts

“Android Armour,” a malicious knockoff of Armor For Android, has been circulating for some time with no end in sight, perhaps due in part to advertisements over Yahoo’s ad network.  I happened to recently be served a couple myself.  The lure starts off with some alarming pop-up dialog prompts:

SS1     ss2


Which lead to fake scanning web pages:

ss3     ss4


And ultimately a prompt to download the Scan-For-Viruses-Now.apk application. (You should heed Android’s warning.)

ss5     ss3b

Should the user proceed in installing the off-marketplace app (assuming the device has been configured to allow the installation of apps from unknown services), a copycat version of Armor For Android is executed.  The app proceeds to identify a phantom threat, which it is happy to remove for a mere $0.99 per day.

ss6     ss7


The certificate contained in the APK file is a tip-off, not that most victims would ever see it:

The majority of Android malware is delivered through side channels rather than approved app stores. This serves a reminder to stay on the beaten path. Don’t take the bait offered by browser pop-up windows claiming to have discovered an infection on your device, but rather seek out reputable applications to verify your security.

Unique McAfee Mobile Security devices reporting detections of Android Armour malware over the past 30 days:

The post Yahoo Ads Serve Mobile Fake Alerts appeared first on McAfee.