Scareware on brand new stock Android

Would it be impossible for a brand new 'bone' stock Android phone to be infected with malicious software from Scareware or Prize pop-ups? I have seen about five of them since getting the phone and setting it up - most were spoofing Google, saying my device was infected. The most recent was spoofing Amazon saying I won $1,000. 

I had been using Chrome only while accessing the internet on my home wifi network while signed into my Google account, and shutting down the phone after the Google spoofs occurred. On the most recent last pop up that was spoofing Amazon, I answered the three survey questions, and shut down the phone right away (I know, I took the bait and I was stupid) but hey, Amazon really does promote through their 3rd party affiliates a sweepstakes. It's posted on their actual site.

Anyway, I just purchased an Essential PH-1 which has zero, nada, no reports of adware/malware ever being shipped on any phone. Essential Products is a new start-up that just released their first flagship phone last year.

I've downloaded only one app onto this phone from Play Store since buying it (late December), but I was already receiving the Scareware before I downloaded the app.

The only other scenario I can think of that might have started this on my phone is Chrome sync is involved some way. I called my ISP to ask them to run diagnostics to find if an attacker changed my DNS server setting, or if my router's remote admin interfaces were hacked. They said nothing seemed to show evidence of this occurring.

Consider then if any data had been maliciously manipulated by an attacker who got control of one desktop which uses a Chrome browser (specifically an unsupported Chrome browser on an unsupported Windows OS desktop), would it be then possible that this data could be spread via Chrome sync and cause spoofing scareware to appear on the Android phone? (Only one Google account exists). 

Here is how I understand what might explain this better. 

Google Chrome (both the desktop and mobile versions) records a significant amount of data – from internet browsing activity, bookmarks, tabs, passwords, and more – and syncs across all of the devices logged into with that Google account. As soon as a login into a brand new device is made with that Google account, all of the previously synced data is brought over and saved to the new device, resulting in an overhaul of the Chrome application on that device.

Can this be possible?? I know Chrome for mobile doesn't have extensions or apps.

If not, could someone provide another explanation?

And back to asking the original question again after reading this thread, 

Would it be impossible for a brand new stock Android to be infected with malware from Scareware / pop-ups?






Edited by Fab4
Necessary information to add

Please consider this...

They are scams that exist on web sites and not on Windows, MAC, Android or other systems that access the Internet.

Scammers use a construct called the Browser User-Agent  and will target the victim with specific content based upon what the User-Agent of the device or system reports to the web site.  Google Chrome, Apple Safari, Opera, and Mozilla Firefox are not immune from what are just basically nefarious "web sites".

People will stop at the street curb. They will look to the left, then look to the right and then look to the left again and if it is safe, they will then cross the street (assuming they have situational awareness and do not have their nose buried in a Smart Phone). However when people are on the Internet they fail to take the safeguards to cross the streets of the Internet and fall prey to the many scamming vehicles that traverse the roads of the Internet.




Thanks. I see. It started to concern me if it has a potential to spread malicious software. Or maybe I'm confusing the Browser User-agent with something different. 

Then based on the analogy of looking both ways for traffic before crossing, based on the specific content I received, then this Browser User-Agent is similar to vehicular traffic that one has no control over, but one needs to be cautious of (URL), since these nefarious sites can pick up browsing habits, and choose to target whomever based on what that person had been searching with their browser which was reported to the web. Am I sort of correct? I didn't read about this on MB.

Edited by Fab4
Clarified grammar

The web site is the vehicle.  The User-Agent changes the appearance and speed of the vehicle in reference to the Internet pedestrian.

This User-Agent tells the web site I am on an iPad

Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) CriOS/30.0.1599.12 Mobile/11A465 Safari/8536.2

So the web site will change its appearance and content to fit that device and its perspective on the person viewing that web site

So if I am on an iPad I can expect scams geared towards Apple and Safari.




One last thing.  I have made a PDF ScreenShow of what are known as FakeAlerts.  All these are scams telling one their computer ( or Smart Phone ) is infected and to call a number or download software.  These too are just another form of scam web sites.  Yet, it is common for people to think it stems from malware on the computer or device.  The ploys are different but the actions follow the same pattern.  Both the scams you came across and these play on the naivety of those on the Internet.


Edited by David H. Lipman
Spelling, Grammar and Clarification
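
What a web site can read from the User-Agent string quoted earlier in the thread, as an added example that is not part of any poster's reply: the browser sends this header itself on every request, so a page that names your device is only echoing it back. The function names and the Android sample string are assumptions constructed for illustration.

```javascript
// Added example: parse a User-Agent header into the facts a site can read from it.
// parseUserAgent / describeVisitor are hypothetical helper names, not a library API.

// The iPad string is the one quoted in the thread.
const IPAD_UA = "Mozilla/5.0 (iPad; CPU OS 7_0 like Mac OS X) AppleWebKit/537.51.1 " +
  "(KHTML, like Gecko) CriOS/30.0.1599.12 Mobile/11A465 Safari/8536.2";
// Constructed sample for Chrome on Android (only the Chrome version comes from the thread).
const ANDROID_UA = "Mozilla/5.0 (Linux; Android 8.1.0; PH-1 Build/SAMPLE) AppleWebKit/537.36 " +
  "(KHTML, like Gecko) Chrome/64.0.3282.119 Mobile Safari/537.36";

function parseUserAgent(ua) {
  // The first parenthesised comment carries the platform details.
  const m = ua.match(/\(([^)]*)\)/);
  const platform = (m ? m[1] : "").split(";").map((s) => s.trim()).filter(Boolean);
  // Outside the comments, every "Name/version" pair is a product token.
  const products = {};
  const outside = ua.replace(/\([^)]*\)/g, " ");
  for (const t of outside.matchAll(/([A-Za-z][\w.-]*)\/([\w.]+)/g)) {
    products[t[1]] = t[2];
  }
  return { platform, products };
}

function describeVisitor(ua) {
  const { platform, products } = parseUserAgent(ua);
  const first = platform[0] || "";
  let device = "unknown";
  if (/^(iPad|iPhone|iPod)$/.test(first)) device = first;
  else if (platform.some((p) => /^Android\b/.test(p))) device = "Android";
  else if (/^Windows/.test(first)) device = "Windows";
  else if (/^Macintosh/.test(first)) device = "Mac";
  // Order matters: nearly every browser also claims "Safari", so test it last.
  let browser = "unknown";
  if (products.CriOS) browser = "Chrome (iOS)";
  else if (products.Chrome) browser = "Chrome";
  else if (products.Firefox) browser = "Firefox";
  else if (products.Safari) browser = "Safari";
  const version = products.CriOS || products.Chrome || products.Firefox ||
    products.Version || null;
  return { device, browser, version };
}

for (const ua of [IPAD_UA, ANDROID_UA]) {
  console.log(describeVisitor(ua));
}
```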

Hi @Fab4

These types of ads are browser related. This is caused by the way most browsers handle redirections executed by javascript code.  Most browsers don't do a great job of preventing these redirects, which also cause ad pop-ups.  Advertising affiliates are aware of this, and exploit this weakness.  Even if an advertising affiliate is shut down for using this exploit, they just come back with a different affiliate id and are right back at it.

The best ways to block these pop-ups are to try a different browser, disable javascript, install a browser with ad blocking (like Opera), and/or install Ad-block Plus.

If you encounter these pop-ups again, back out of them using Android's back key. Also, clearing your history and cache will help stop the ads from reoccurring.

Thanks for reaching out,



Thanks. I've been actively looking for another Browser for Android. In addition to Opera that you mentioned, I've been reading about Firefox as an option to mask the Browser and OS. I can't remember for certain whether it had, or still has, a built-in UA masking script to spoof sites into thinking you're using another browser.

I know Chrome (for desktop) has an extension offered by Google. The odd thing about that is, Google states it does NOT increase your browsing security? So I can't see the reason why Google developers created it.

Thanks for the tips!






Further reading on Google has led me to more understanding behind Google's bolstered efforts, beginning on Chrome (beta) for Android (64.0.3282.29). This was supposed to include big changes on the browser's security side. It was in version 64 that its pop-up blocker feature's behavior was included so that it would be more efficient at blocking re-directs.

After disabling Javascript for the very first time today as suggested, I noticed an inability to log in to some online accounts. 

Yet my device has been updated to Chrome stable version 64.0.3282.119 ever since Feb. 1st with the stronger pop-up blocker, and my browser experienced one instance as I mentioned at the beginning of this thread.

I'm finding that I'm often misunderstanding the terms frequently used - Ads and Pop-ups. These seem to mean those commonly related less threat-like, nuisances.

Malvertising, however, seems to be a term more suited to differentiate what appeared to have occurred on my stable Chrome browser. Security features often seem lacking better descriptive term(s) or else they use the terms 'Ads and Pop-ups' interchangeably to mean a security threat similar to the four or five occurrences that happened on my Chrome browser.

Certainly, Ads that 'pop-up' in a window that have an 'X' to close that window while viewing the website page, can not be the identical type of threat as when on a web page that suddenly opens links in new tabs and re-directs the old tab to a new URL.

Google just released Chrome for Android 65.0.3325.53 (beta) on Feb. 6. I'm planning to wait for the stable version from Google Play to be available to see whether any security bugs may have been found in 64. In the meantime, I'll have to keep toggling JavaScript 'on' and 'off'.





