Malvertising campaign intend on soiling Avira’s white vest (Updated Feb 2017)
UPDATE FEBRUARY 2017
Beware – the malvertising campaign is still ongoing! Have you received warnings on your smartphone like the one below? Then make sure not to click on the link that tells you to download our Avira Antivirus: It’s malvertising. To find out more and stay safe please read the whole article.
It’s the nightmare of each internet user: You visit a webpage and suddenly annoying pop-ups with pretty blatant information that your mobile device is insecure or damaged appear out of the blue.
At first glance it looks scary and you want to take action fast, right? Don’t! Malvertising is a portmanteau of the words malware and advertisement. With malvertising criminals try to promote their malware payload (as seen in our case below and others as well) in a “commercial” kind of way. This means that they use advertisement-frameworks – typically the not too trustworthy ones when it comes to registration process – and send banners like the Avira scam one out into the world.
When a website operator has implemented one of those advertisement-frameworks into his page and you visit it, chances are that you’ll be exposed to one of the malvertising messages. As unlikely as it seems this would actually be a kind of “legal” way, but there is another one, too: The criminals find a vulnerability and exploit the banner with a message of their own. This basically means that there is a re-direction to their own malware riddled promotion page.
To make sure that you suspect nothing, the criminals apply extremely sophisticated social engineering tricks: use of the Google logo, abuse trustful brands like Avira, or write in detail about the damage the user might face. The more plausible it sounds that your smartphone is in danger and might get damaged, the better. After all they only have this one chance to make you download their malicious APK!
Therefore, be careful about every pop-pup that wants to make you believe that your smartphone is in danger and you need to download some kind of software a.s.a.p. – especially if it appears out of the blue!