Random pop-up dialogues on mobile devices are not anything new. There’s been plenty of malware released that spams a mobile device with pop-up ads until it’s removed.
Recently, however, we’ve seen a sneaky new take on this kind of attack. As hackers aim more toward stealth over impact, we’re seeing attacks that are designed to be as believable as possible. Such is the case of the recent attack on Android devices, where 60,000 people were tricked by a fake, but authentic-looking, system message.
What Happened?
The attack is very sneaky with its method. Once the malware is on the victim’s phone, it looks for details on what the phone’s model name is. Once it gets a hit, it displays a system message that advises the user that the phone’s battery may be suffering under the memory load and specifically states the phone’s model to make it seem more authentic. It then offers an app that can be downloaded, which will help with the problem.
The pop-up presents the user with two buttons to either “Install” or “Cancel.” Regardless of what button the user actually picks, the malware then redirects them to a Google Play app that claims to help reduce battery usage.
This app comes loaded with a lot of eyebrow-raising permissions for a battery app, such as reading SMS messages, pairing with other Bluetooth devices, and full network access. If the user still trusts the app and installs it, the app has the ability to send back data from these permissions, but also installs an ad-clicker that makes the phone click on ads in the background to gain revenue for the hackers.
Curiously enough, besides the fact that it has a harmful side to it, the battery optimiser app did actually do what it advertised. This probably meant the base app was bought from a freelancer or a source code site then further developed to include a nasty payload. The app has since been deleted from the Google Play store.
What Can I Do?
This is quite a worrying development in malware, but there are a lot of steps in the attack process where a wise user can identify it and stop it before it can do any damage.
Avoid Shady Sites and Apps
To start, the best way to avoid this attack is to stop the initial phase from even installing itself on your phone. This can be achieved by being smart with what you install and which websites you visit. If you’re particularly paranoid, you can grab an Android antivirus to help defend you from the digital nasties.
Be Cautious Around Pop-Ups
When a pop-up appears for the first time, it’s a good idea to stop and read it before hitting any buttons. Hopefully, the only times you’ll see them are when a legitimate app is asking you something; however, it’s worth double-checking each new pop-up to make sure you’re not being tricked.
Check Apps Before Installing
Sometimes a phone manufacturer will recommend legitimate apps for you to download on the Google Play store. There are certain ways you can identify if a recommended app is safe to download. To start, check the developer name; it should be related to the manufacturer in some way. For example, this app that was recommended by Motorola was developed by “Motorola Mobility LLC.”
The app we covered earlier also asked for some eye-watering permissions for something as simple as a battery optimiser, which should have been a red light to users. There are other ways to find fake apps, which we covered in our article on the topic.
If in Doubt, Ask
If you still can’t make your mind up, it’s worth getting in contact with the phone’s developer to ensure the pop-up is real. This can be done via an online support forum where you can send a screenshot of the pop-up and ask if it’s malware or not. You can also phone a helpline for a quicker response.
Sneaky System Messages
With hackers becoming more and more inconspicuous with their attacks, users can very easily fall for a trap and not even realise it. Even the malware-loaded apps that users are tricked into downloading actually perform the job they advertise – they just come with unwanted extras! Now you know about this new method of attack and how to avoid it.
Do you feel safer against these kinds of attacks now? Let us know below.
Image credit: battery saving mobile scam app
Simon Batt is a Computer Science graduate with a passion for cybersecurity.
Our latest tutorials delivered straight to your inbox