In the mobile world, most of us have become accustomed to installing apps that display ads in exchange for them being free. Most ads aren't too annoying, and for the price it is worth having them displayed. It's a fair compromise, until the ad servers display something along the lines of “You’ve been INFECTED!!!”.
Ad networks, a scammer's dream
Just the other day, while my family and I are here in Portugal on holiday (well, holiday for them while I work remotely), my in-law got one of these ads:
Since we are in Portugal, the ads are all in Portuguese. This particular ad roughly translates as:
Active alert
Your attention is necessary. Touch to read now.
With the ad covering the whole screen and only a little “x” in the corner to close it, it's pretty easy to accidentally click the ad, which opens your browser to a webpage. That is exactly what happened to my in-law while playing the game Baby Flash Cards with our toddler. Suddenly, her browser opened to this scary pop-up:
***!!NOTICE!!!***
This Apple iPad is corrupted with virus and the battery was damaged (4) virus that cause serious damage to your battery and must be removed and corrected immediately.
Continue with the instructions to fix the phone. Do not close the window.
** Leave for your own risk **
She exclaimed, "Oh no, I’ve got a virus!"
I exclaimed, "Cool, let me see!"
Okay, maybe not verbatim, but close enough.
Instantly, I knew that she wasn’t really infected; she had just been redirected to a site claiming she was, a scam used to trick users into installing actual malware or agreeing to something potentially worse. Being the researcher I am, I wanted to figure out what the scammers were up to, so I clicked onward.
Hopping down the scammer's rabbit hole
The first webpage was on google.com-virusscan.com. Totally legit, right?
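Why that hostname has nothing to do with Google, as an added example that is not part of the original post: the domain that was actually registered is com-virusscan.com, and "google" is only a subdomain label its owner chose. The suffix set and brand watch-list below are small constructed stand-ins (assumptions), not a real Public Suffix List or a vendor's rule set.

```python
# Assumption: a tiny stand-in for the Public Suffix List; real tooling
# should load the full list.
PUBLIC_SUFFIXES = {"com", "net", "org", "pt", "com.pt", "co.uk"}
# Assumption: constructed watch-list of brand label -> genuine domain.
BRANDS = {"google": "google.com", "apple": "apple.com"}


def registrable_domain(host):
    """Return the public suffix plus one label, or None if there is none."""
    labels = host.lower().rstrip(".").split(".")
    # Scan from the left so the longest suffix ('co.uk') matches first.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def lookalike_findings(host):
    """List the reasons a hostname looks deceptive; empty means none found."""
    host = host.lower().rstrip(".")
    domain = registrable_domain(host)
    if domain is None:
        return ["no-registrable-domain"]
    findings = []
    # Labels to the left of the registered domain are chosen freely by
    # whoever owns that domain, so a brand name there proves nothing.
    sub_labels = host[: -len(domain)].rstrip(".").split(".")
    for brand, real_domain in BRANDS.items():
        if brand in sub_labels and domain != real_domain:
            findings.append(f"brand-in-subdomain:{brand}")
    # A registered label such as 'com-virusscan' makes 'google.com-...'
    # read like 'google.com' followed by something harmless.
    registered = domain.split(".")[0]
    prefix = registered.split("-")[0]
    if "-" in registered and prefix in PUBLIC_SUFFIXES:
        findings.append(f"suffix-like-prefix:{prefix}")
    return findings


if __name__ == "__main__":
    # The first host is the one named in the post; the second is a control.
    for h in ("google.com-virusscan.com", "www.google.com"):
        print(h, registrable_domain(h), lookalike_findings(h))
```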
Next up, a fake scanner, my fave!
Your battery is damaged by (4) virus!
We found that 28.1% of your Apple iPad DAMAGED are due to (4) dangerous viruses received recently visited sites for adults. This will damage your SIM card and corrupt your contacts, photos, data and applications.
If you do not remove the virus now, this device will automatically lock the battery and the phone will be switched off permanently to prevent further damage caused by viruses. Here 's what to do (step by step):
Step 1: Click on the button below and enter your phone number. Respond to our SMS and download the free antivirus app
Step 2: Run the application to remove all viruses and repair the battery to 100%.
REMEDY FREE NOW
Important! Viruses can delete personal information, contacts list, and can damage your SIM card!
Finally, it ends on this webpage:
ATTENTION! YOUR PHONE MAY BE INFECTED. WE RECOMMEND THE FOLLOWING: 1. Press the button to continue. 2. Download antivirus software for Android. 3. Make running the antivirus program on your phone to remove potential threats
Subscribe to you find viruses and spyware
Your Android is virus free?
44% of Android devices for viruses.
Golden App - Protect your phone with antivirus software McSecure
It will be deducted weekly a value of your mobile account.
Enter your phone number to access this service
What is McSecure?
The answer to what the scammers are up to lies with the service subscription to an antivirus software called McSecure. Below are screenshots containing what they claim to offer and how to sign up:
Here's how the scam works. Once a valid phone number is entered on the last webpage shown above, the scammers use it to send a text message to the victim to confirm a subscription to a “service”. Once subscribed, the victim is charged for the service periodically. Depending on country of origin, the prices and frequency of these charges vary, but usually it's weekly. These charges are added to the victim’s phone bill and could easily go unnoticed. The only ways to stop the charges are to text ‘STOP’ to the number the victim originally confirmed the subscription with, email the company with the mobile number to be removed, or call the company. The best bet is the first option.
So what about the antivirus app promised? According to McSecure, once a user confirms his/her subscription, he/she is supposed to receive another text message containing a download link to the app.
I wasn’t able to confirm this without actually signing up for the subscription service myself, which I decided against. I did do quite a bit of searching for the app, though, but came up empty-handed. The closest I got was a screenshot from their website.
My guess is that there really isn’t a McSecure app. Why would there be when they are already getting your money? And if there really is an app out there, there’s a good chance it would be classified as a Trojan FakeAV.