Monthly Archives: February 2016

Fake Rootkit.Sirefef.Spy pop-ups on Android devices

“Malicious viruses: Rootkit.Sirefef.Spy and Trojan.FakeAV-Download” is a short and misleading pop-up message you may get if your Android phone or tablet is infected with adware. The adware displays this pop-up when you use your web browser, and it doesn’t matter which one: the native browser or Chrome, for instance. Rootkit.Sirefef.Spy doesn’t even exist. It’s a made-up threat, because the Sirefef rootkit can only infect Windows machines and it can’t really spy on you.

I got this fake pop-up when I was redirected to a bogus website with an even more ridiculous URL, info.nq.com.recommend-apps.fantasiticads. Of course, if you don’t know that it’s not Android malware, you might be scared that your device is infected. After all, the fake pop-up claims that your SIM card may be infected and you will soon lose your contacts and other important data. Scary, isn’t it? But don’t worry. It’s just a pop-up message, or an advert if you want. The real problem is the adware app that displays such pop-ups on your device.

The fact is that every time you download something – be it a lifestyle app, an instant messenger application, or a TV series – you could also be downloading a little hidden, and not entirely pleasant, extra. With Potentially Unwanted Apps (PUAs) and adware, the clue is in the name. That’s not the $60 billion question; the real question is what Potentially Unwanted Apps can do once they are installed on your smartphone or tablet. A PUA’s most common tactic is to display adverts and pop-ups while you browse the net or simply use your device. Some of the pop-ups may be very misleading and claim that you are infected with Rootkit.Sirefef.Spy and Trojan.FakeAV-Download.

If you got this “Malicious viruses: Rootkit.Sirefef.Spy and Trojan.FakeAV-Download” pop-up once and you managed to close it, then you are probably fine. But if you keep getting it constantly, then there’s probably some app installed on your device which has to be removed. To do so, please go to the Application Manager in Settings, find your web browser and clear both cache and data. See if that gets rid of the pop-up ad. If it does, you will also lose your history, bookmarks, etc., but that’s the price you’ll have to pay. If the clear operation doesn’t work, you may need to do a factory reset, but back up your important data first.

ATTENTION! Your mobile device has been blocked up for safety reasons pop-up ads

ATTENTION! Your mobile device has been blocked up for safety reasons. AUDIO AND VIDEO RECORDING IN PROGRESS. Amount of fine is 100$. You can pay a fine with Ukash or PaySafeCard vouchers. TYPE YOUR CODE (100$ Ukash or PaySafeCard) AND PRESS ‘OK’.

If you keep getting this fake pop-up advert on your mobile device, then you were either redirected to a bogus website or your device is infected with adware. Scammers use multiple websites for malvertising to avoid detection. In my case it was kcorpdevicegovprotectverify.pw, but yours might be different. Scammers target users on both platforms, Android and iOS, so don’t be surprised if you get this fake advert on your iPhone. Malvertising is not just about Android devices.

Adware apps are often overlooked as being the baby of the bunch when it comes to malware or online attacks, but that’s not to say you should disregard them, for, like any app which installs itself surreptitiously on your mobile device, they have not been designed with your user experience in mind. Adware apps are software programs that are downloaded onto your smartphone or tablet, usually without your knowledge or permission. If that doesn’t make sense from the get-go and you’re wondering how you could ever download something without knowing about it, let us introduce you to the sneaky way in which malware, and adware apps, work.

If you got this “ATTENTION! Your mobile device has been blocked up for safety reasons” pop-up once and you managed to close it, then you are probably fine. But if you keep getting it constantly, then there’s probably some app installed on your device which has to be removed. To do so, please go to the Application Manager in Settings, find your web browser and clear both cache and data. See if that gets rid of the pop-up ad. If it does, you will also lose your history, bookmarks, etc., but that’s the price you’ll have to pay. If the clear operation doesn’t work, you may need to do a factory reset, but back up your important data first. If you have an Apple device, navigate to Settings, tap Safari, and select Clear History, Cookies and Data. That should do the trick.