Take a deep breath and don’t panic.
Security researchers at Symantec have discovered a series of mobile phone adverts, which attempt to scare users into believing their device has been infected by a Trojan horse called MobileOS/Tapsnake.
The messages, which some users might mistake for a genuine security warning, read:
ANDROID VIRUS DETECTED
A site you recently visited has infected your phone with (Trojan: MobileOS/Tapsnake)
Press OK to remove the threat.
As regular cynical readers of the site have probably already guessed, your smartphone isn’t really infected and this is a ruse to trick you into installing a fake anti-virus (also known as scareware) app.
Anyone duped into installing the bogus security software runs the risk of compromising their smartphone.
It’s not uncommon to see fake anti-virus scams spread on Windows and Mac, and their Android-based equivalents will typically be monetised by signing you up for premium rate phone services, messing with your browser to earn affiliate cash, or infesting your device with intrusive advertising pop-ups.
It’s worth noting that what makes the fake virus warning message a little more believable is that there really was a piece of Android spyware called Tapsnake, which was first spotted in 2010.
If you made the mistake of installing the real Tapsnake app you would be greeted by a retro “Snake” game, but your location would also be secretly shared with someone who wanted to spy on you.
Handy for jealous partners and stalkers, I guess..
There can be little doubt now that all Android users should seriously consider running an anti-virus program on their smartphones. The only thing to be careful about is that it comes from a legitimate vendor, rather than one of these scareware scam artists.
Further reading: “Android Tapsnake Mobile Scareware: Ads Push Antivirus”, Symantec.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.