Aggressive advertising threatens Android and iOS devices

According to ESET researchers, aggressive advertising that distributes dangerous malware is currently naughty. In addition, the malware creates alleged events in the iOS and Android calendars.

These ads often cost money to victims as premium SMS messages are sent and subscriptions are taken. With Android, banking and SMS are at risk of Trojans or malicious applications getting on the devices. Android / FakeAdBlocker, as it is called malware, usually hides its launcher icon and delivers unwanted scareware or pornographic ads. According to ESET researchers, this malicious application was downloaded more than 150,000 times on Android devices from January 1 to July 1, 2021. Most of the victims were from Russia, the United States, Mexico and Germany. Hundreds of malicious programs were also downloaded.

Great risk for Android users

The situation is even more dangerous for those who suffer from using an Android smartphone or tablet. Fraudulent websites offer malicious applications for download outside of the Google Play Store. In one scenario, the website prompts you to download an application called “adBLOCK” which has nothing to do with proper use and is the opposite of blocking ads. In another situation, when downloading the requested file, the victims are provided with a web page that describes the steps for downloading and installing the malicious application “Your file is ready to download”. In both cases, the scareware ad or Android / FakeAdBlocker Trojan is delivered via a URL mini-service. But not only was Android / FakeAdBlocker distributed, for example, Bank Trojan Server disguised as an update for Chrome or Android and Adobe Flash Player.

Link shortcode services use aggressive advertising techniques

ESET researchers have identified link shortcode services that place appointments on iOS calendars and spread the Android / FakeAdBlocker malware that can be launched on Android devices. On iOS devices, these links can not only flood victims with unwanted ads, but also create events on victims’ calendars by automatically downloading the ICS calendar file. “If someone clicks on such a link, they will see an ad that generates revenue for the person who created the abbreviated URL. The problem is, these link shortcode services use aggressive advertising techniques, such as squareware advertising to target certain users. Devices are vulnerable to dangerous malware,” Lucas Stephenko explains.

www.eset.com/de