The Grey Side of Mobile Advertising

Mobile advertising is a headache because of its intrusiveness, the amount of bandwidth used, and other unexpected nefarious behaviors.

I get it, there’s money to be made–the good guys are trying to sell us something, the bad guys are trying to steal something, and the grey guys are doing a little of both.

Grey hats do their work in between the good and the malicious sides of computing and often push the limits of maliciousness when it comes to making a quick buck.

Some advertisers have been pushing this grey line by using shady tactics in order to get app installs for some time now.

These pay-per-install ad campaigns use the same scarevertising messaging we see from malware authors like; “You are infected” or “System Alert.”

Unlike fake alerts that lead to malware, these alerts often redirect to legitimate apps residing in Google’s Play Store, like battery saving and security type apps.

The images below are various examples these scare tactics.

Most of these ad campaigns use the same wording, images, and fake scans used by malware authors. Because of this, we wanted to spread the word to ignore these ads and hopefully take away some of their impact.

Shutting them down and tracking their creators have been difficult. The ads don’t stick around long and Ad Networks have a difficult time preventing because of their small footprint compared to all the ‘good’ ad traffic–they get lost in the chaos.

Don’t fall for the bait. If you come across any of these fake messages you can back out of the page or close the tab to dismiss. If they persist it might be necessary to clear out browser history and cookies.

Unfortunately, when it comes to advertising we don’t get to choose what’s displayed and the line will always be pushed. Where the advertiser falls on the good or bad scale will determine what ad you will see.


Armando Orozco

Senior Malware Intelligence Analyst

Faux geek who likes to keep it bland. Experienced in behavioral, PC, and mobile technologies.