Deceptive Advertising Viruses Are Running Rampant in India, Says Cheetah Labs

Based on analysis by Cheetah Mobile Security Research Lab, mobile malware has been running rampant in India. India is now the second largest smartphone market in terms of active unique smartphone users. According to data collected by Cheetah Mobile, out of all the infected devices around the world, 17.8 percent are from India. Almost 45% of the infected phones are dealing with the following top 10 viruses. Here are the top 10 viruses affecting most Indian smartphone users in the first half year of 2016: 

Budget Android phones are very popular in India. Unfortunately, some of these mobile phones have been pre-loaded with viruses even before reaching to consumers.

Based on information from Pornhub, a famous porn website, India stands at third place in terms of global porn viewership as of January 2016. Back in August 2015, the government of India ordered internet service providers (ISPs) to block access to 857 pornography websites, although the ban was partially lifted five days later, due to criticism over authorities’ decision.

It’s no surprise that porn website is one of the most popular channel for spreading malware. Users are tricked into downloading various apps related to porn while they are browsing these websites, which greatly increases the possibility of exposing their mobile device to infecting new viruses.   

In this ever-changing security landscape, some of these malware now focus on making profit via spreading deceptive advertising. Below, Cheetah Mobile Security Research Lab summarizes several typical categories of these deceptive advertising viruses. These viruses keep producing pop-ups on users’ phones, which impacts user experience severely. The viruses also consume a lot of network traffic while they download unnecessary (and even harmful) apps in the background, without users’ knowledge.

Deceptive advertising can take many forms, therefore, users are affected differently. Here are a few scenarios users might experience deceptive advertising on their mobile devices:

Turning on or charging your phone 

When users turn on or start charging their phones, the virus is prompted to display full-screen advertisement. Once you click on it, the virus will start downloading unnecessary apps or even malwares to your phone. 

Installing or uninstalling apps

When users install or uninstall apps, the virus will trigger pop-up ads disguised as return and close icon, so users have no choice but forced to click on the ad.

When an app is running

When user activates an app, this particular virus would pop up an ad which covers the entire interface, making it impossible to continue using the app.

Exiting an app

When user exits an app and tries to return to the home screen, the virus would then pop up an ad, tricking the user into clicking and installing an unnecessary app.

Random app recommendations on the desktop

Some users might notice icons of new apps on their desktop that they didn’t downloaded themselves. If they click on the unknown icon, it will then activate the installation automatically (and the return/close button will be hidden so users can’t terminate the installations.) In fact, the APKs have been downloaded by the virus, and the icons are aimed to trick users into installing unnecessary apps that leveraged deceptive advertising.  

Random pop-ups or permanent ads on the notification bar

The Google search box in the following screenshot is disguised by virus for tricking users into using the fake search box, so it can recommend users installing other apps.  

Random full-screen ads

Unwanted apps will be downloaded automatically after users click on these ads.

According to Cheetah Mobile Security Research Lab, among the top 10 viruses infecting most phones in India, five are root trojans. Once these trojans manage to get into victims’ mobile phones, they will try to root the infected devices and embed the major behavior module into the systems. Antivirus tools must have root privilege to kill these trojans, so they typically live much longer than ordinary trojans. Root Trojans are also able to silently install other apps on users’ phones. 

The lack of network security knowledge is the main reason mobile viruses are running rampant in India. Some users in India are still not completely aware of the damage mobile virus might bring to their mobile life, while many users aren’t familiar with removing these tricky viruses from their devices. Cheetah Mobile aspires to help promote awareness towards mobile security and ultimately help secure mobile devices in India.