Based on analysis by Cheetah Mobile Security Research Lab, mobile malware has been running rampant in India. India is now the second largest smartphone market in terms of active unique smartphone users. According to data collected by Cheetah Mobile, out of all the infected devices around the world, 17.8 percent are from India. Almost 45% of the infected phones are dealing with the following top 10 viruses.
Budget Android phones are very popular in India. Unfortunately, some of these mobile phones have been pre-loaded with viruses even before reaching to consumers.
In this ever-changing security landscape, some of these malware now focus on making profit via spreading deceptive advertising. Below, Cheetah Mobile Security Research Lab summarizes several typical categories of these deceptive advertising viruses. These viruses keep producing pop-ups on users’ phones, which impacts user experience severely. The viruses also consume a lot of network traffic while they download unnecessary (and even harmful) apps in the background, without the knowledge of users.
Deceptive advertising can take many forms, therefore, users are affected differently. Here are a few scenarios users might experience deceptive advertising on their mobile devices:
#1 Turning on or charging your phone
When users turn on or start charging their phones, the virus is prompted todisplayfull-screen advertisement. Once you click on it, the virus will start downloading unnecessary apps or even malwares to your phone.
#2 Installing or uninstalling apps
When users install or uninstall apps, the virus will trigger pop-up ads disguised as return and close icon, so users have no choice but forced to click on the ad.
#3 When an app is running
When user activates an app, this particular virus would pop up an ad which covers the entire interface, making it impossible to continue using the app.
#4 Exiting an app
When user exits an app and tries to return to the home screen, the virus would then pop up an ad, tricking the user into clicking and installing an unnecessary app.
#5 Random pop-ups or permanent ads on the notification bar
The Google search box in the following screenshot is disguised by virus for tricking users into using the fake search box, so it can recommend users installing other apps.
#6 Random app recommendations on the desktop
Some users might notice icons of new apps on their desktop that they didn’t downloaded themselves. If they click on the unknown icon, it will then activate the installation automatically (and the return/close button will be hidden so users can’t terminate the installations.) In fact, the APKs have been downloaded by the virus, and the icons are aimed to trick users into installing unnecessary apps that leveraged deceptive advertising.
#7 Random full-screen ads
Unwanted apps will be downloaded automatically after users click on these ads.
According to Cheetah Mobile Security Research Lab, among the top 10 viruses infecting most phones in India, five are root trojans. Once these trojans manage to get into victims’ mobile phones, they will try to root the infected devices and embed the major behavior module into the systems. Antivirus tools must have root privilege to kill these trojans, so they typically live much longer than ordinary trojans. Root Trojans are also able to silently install other apps on users’ phones.
The lack of network security knowledge is the main reason mobile viruses are running rampant in India. Some users in India are still not completely aware of the damage mobile virus might bring to their mobile life, while many users aren’t familiar with removing these tricky viruses from their devices.