Tech Support Scams Move on to Android

Photo credit: dolphfyn/
Photo credit: dolphfyn/

Malwarebytes researcher Jérôme Segura noted in an analysis that since more and more crooks seem to be going after smartphone and tablet users, he set out to see what it took to run into one of them when looking for Android support online. It didn't take much.

“While paying for ads requires a certain budget, ads have the advantage of funneling higher quality prospects because people are actually already experiencing an issue,” he explained. To start his investigation, he did a Bing search for “Android slow tech support” that was performed directly from an Android tablet. After clicking on one of the results, he was taken to a “typical, run-of-the-mill online tech support page whose main goal is to incite the visitor to call the 1-800 number for assistance.”

After calling and getting a “technician,” the gambit began to play out almost immediately.

“I was prepared for every possibility, having a Virtual Machine running Android’s Jelly Bean and also a real physical Motorola Droid 4,” he said. “Interestingly enough, the tech support technician told me that he would not be able to directly connect to our phone and that I had to plug it into a computer (laptop or desktop) first. What their intent was quickly became clear when they asked me to download remote login software so they could connect to our PC.”

He then ran a “scan” and proceeded to spout garbage “techspeak” geared to fool a layperson into thinking that what was happening was legit.

Segura documented some of it:

“Alright Sir. Just let me know one thing Sir. So when you are doing work on your mobile phone or on your computer ok, do you receive any kinds of pop ups for operation {inaudible} like Adobe Flash Player, or anything like Java as well as on your mobile phone? You get a pop up right? And you always connect your mobile phone with your Wi-Fi right? So the thing is there are some kind of infection over here, so that’s why the infections transfer from your network to your phone ok?”

The technician then identified one particularly “dangerous file,” naming a Windows executable that would never be compatible with Android. And in perhaps the most blatant lie, purported to remove all supposed infected files into the trash can before having them appear to re-infect the device by moving them back out of the bin.

After all of that smoke-and-mirrors action, the bill in total came to $299 for one year of “support.”

Consumers, of course, need to be vigilant whenever they decide to seek help via random web-based tech services – and should probably opt for known tech outlets through their mobile carrier or a retail store.

“The scary thing is that many people that aren’t too tech-savvy will believe these words at face value and end up paying several hundred dollars for dubious services from rogue technical support companies,” Segura said. “I can imagine that in a near future those fake support companies will remotely access the phone or tablet directly because more and more people no longer own a ‘traditional’ computer.”

What’s Hot on Infosecurity Magazine?