Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response

Android Tapsnake Mobile Scareware: Ads Push Antivirus

Created: 20 Dec 2013 23:12:35 GMT • Updated: 23 Jan 2014 18:02:16 GMT • Translations available: 日本語
Satnam Narang's picture
+2 2 Votes
Login to vote

Recently we have observed a series of mobile ads intended to scare users into believing that their device is infected with a threat called “Trojan: MobileOS/Tapsnake”.
 

image1_20.png

Figure 1. Fake Tapsnake infection warnings
 

The malware alert is fake. Tapsnake is an older Android threat (we blogged about it in 2010 and detect it as Android.Tapsnake) that just happens to be mentioned in these ads to make them appear more authentic. We visited a site serving these ads using a brand new Android device with a fresh install and nothing on it and still received this alert. Users of Apple's iPhone have also reported seeing Tapsnake alerts, despite the fact that the threat doesn’t target iOS devices.
 

image2_11.png

Figure 2. Scareware tactics target Android users
 

This type of warning is commonly associated with scareware, which originated on PCs. When users visit scareware websites, they are shown a warning that claims their computer or device is infected with malware. These scareware sites may then offer free downloads of fake antivirus software.

This is all a trick designed to convince the user to download an application.
 

image3_11.png

Figure 3. Android Antivirus app offer
 

Symantec Security Response advises users not to install applications outside of trusted app stores. Instead, users should only trust well-known and reputable security software, such as Norton Mobile Security available on the Google Play app store. For general safety tips for smartphones and tablets, visit the Symantec Mobile Security website.