Last week, several sites that used a mobile advertising platform were removed from Google's results by a manual action of misleading redirects, something that violates search engine guidelines.
Basically what this advertising system was doing was sending mobile visitors directly to the advertiser pages, which generated a very bad browsing experience.
In the sites that I saw with this behavior, the redirection took me to a page that started downloading a mobile application of very dubious origin. This gives me the opportunity to comment on a case like this that they are reporting on the Malwarebytes blog.
They have apparently come across a number of pop-ups(pop-up windows) that tell the user that your Android device is infected with a virus:
If the user believes that it is something real and does not realize that it's just misleading advertising, finish installing an application called Android Armor that in theory could eliminate the supposed detected virus, but as everything is a lie there is nothing to eliminate:
Although the application is not malicious since once it is installed it actually scans for viruses, due to the way it is promoted – very similar to the techniques used by fake antivirus – it could be classified as an unwanted application.
When we talk about advertising and antivirus, the boundary between honest and misleading advertising is very narrow. And in this case it is clear that they are going over the line to get customers.
You have to be careful with the mobile applications that are installed, the ideal is to always go to the official stores, read the opinions of other people and only install them if we are sure.
When something comes to us unexpectedly through pop-ups, redirects or unsolicited links, you have to be suspicious. When in doubt you can always consult with someone who has experience or in the many help forums on the internet.
And related to this, in the Android Central forum a user comments on his close encounter with this misleading application. Googling animated images for her niece's birthday ended up on a site that showed her this fake pop-up that warns her about the presence of a virus called Tapsnake.
He pressed the OK button and an installation window appeared, this is the screenshot he took:
In this situation, if the first thing was to turn off the phone and wait a few minutes to turn it on again. It should be mentioned that this is not directly a problem of Google, but of the site that shows that advertising to visitors. The same will happen if you access it from another search engine like Bing or even if you directly type the URL in your mobile browser.
The interesting thing about this case is the way in which you end up encountering advertising, since one generally when doing searches on Google is not expected to end up with messages that warn about viruses on the device. But it is also very curious the attitude he had later, in the forum he comments that he immediately accessed the Android store to install the application from there.
That in part was fine, since it is much safer to install something from the official store than to do it from another source. But it was like stumbling twice on the same stone, it's also interesting how I kept hooked on the app even though I was no longer seeing the popup.
To all this, after installing this antivirus, it carried out a complete scan of the device and of course there were no traces of the Tapsnake virus that it supposedly had originally. It is exactly the same deceptive behavior that they comment on the Malwarebytes blog.
If what you are looking for is a real antivirus for your Android, the best thing will be to resort to the solutions offered by recognized companies in the sector. Crazy apps aren't worth venturing into.