Apps

PSA: Mobile web users are being redirected to a malicious system update website

21

Something weird is going on for those using mobile browsers like Google Chrome, and you should definitely know about it. Folks over at AndroidForums.com are reporting that they’re randomly being redirected to a website that claims to be installing a system update, as well as a popup alert that states your device is out of memory. Here are a couple of screenshots showing what it’d look like should you be unfortunate enough to come across it:

malicious update site

malicious update site 2

The website’s URL begins with “system.androldupdate.com” (note the lower-case L in place of an I in the word “Android”) and the page is made to look like an app update screen. Said page claims to be delivering a “System Kernel UI upgrade,” a strange one considering Google would never issue a kernel upgrade in this manner. The issue rears its head on a wide range of devices, including the Nexus 5, the ZTE Warp and the Samsung Galaxy S3.

Thankfully the Android Forums community is cautious enough to steer well clear of clicking anything on this page so we’re still not sure what, exactly, it’s attempting to do. There’s a chance it could attempt to download malware onto your device if you click anything on the page, though without any confirmation we can’t outright say that’s the case.

androidmalwareBAD

But more than what it does, we’re particularly worried about how all these different people seem to be exposed to the malicious page. The page reportedly loads at random when visiting a number of different trusted sites, such as NBC News, ABC or Cracked.

The early belief is that an ad network used by these sites have been infiltrated by a rogue ad that can take you from your intended destination to this deceiving page, something that certainly isn’t outside the realm of possibility considering it’s happened time and time again. All three of the aforementioned websites have one common denominator: they all use DoubleClick, Google’s widely-used premium ad-serving platform.

But that’s just the initial thought. The fact is much of the details about this are still unknown, but we’ll be looking to dig to the bottom of the story as more discussion takes place. Unfortunately Phandroid staff have been unable to reproduce the issue when trying to visit the aforementioned websites.

In the meantime we’ll be doing our part by contacting Google and seeing if they can shed any light on what’s going on (or if they’re even aware of the situation at all). Let us know if you’re seeing the same weirdness when browsing websites using Google Chrome, and by all means partake in the discussion at Android Forums so we can gather more information and perhaps get to the bottom of this concerning situation.

Oh, and this should go without saying: if you’re unlucky enough to come across this page then we advise you to close the tab immediately and don’t interact with anything on the website, and we urge you to leave a comment below or at AndroidForums letting us know what site you were visiting when you encountered it.

Quentyn Kennemer
The "Google Phone" sounded too awesome to pass up, so I bought a G1. The rest is history. And yes, I know my name isn't Wilson.

Google Santa Tracker updated for 2014 with new mini games and Android Wear support

Previous article

Gift-a-day Giveaway: 20 prizes including Nexus phones, tablets, and smart watches!

Next article

You may also like

21 Comments

  1. Hate that anyone would actually fall for this, but then I remembered both of my parents probably would.

    1. i can see the turmoil on the forums now anti virus bug droid etc. its beautiful

    2. Yeah I just texted both of my parents and my sister because they would probably install it without hesitation.

    3. But it says right there its an Arnold Update….Androld….Andloi….

      Ooh you like Arnold Palmers don’t you Herbert?

  2. So what does it do if you “update”?

  3. I’ve come across this fake update a few times on different website last week. Can’t remember what websites I was on exactly but it was like 2 or 3 had it.

  4. Aw crap, I’ve told my family when you see ‘update’ do it. Of course I meant OTA but they don’t know any better.

  5. Is anyone getting a random website coming up with virus warning. Using the new Google messenger and since I installed it at random times pressing it or chrome a website pops up. Confused!

    1. And games will pop up from the play store also

  6. Anybody that ever went thru the struggle of punching that check for updates button knows good and damn well this malware or whatever the hell it is is fake as Wendy Williams tities LMAO

  7. It was taken down!

  8. It’s not just that. Sometimes I automatically get redirected to the Playstore app to download certain games.

    1. All the time. Open the tech section at NBC and it just spams the play store over and over. It’s quite annoying.

  9. Just encountered this today using Chrome on my Verizon Samsung Galaxy Note 3

  10. probably a bad advertiser, i know in the past i’ve gotten a trojans from ads on this site (probably been a few years or so i think though). I have googleads.g.doubleclick.net, among others blocked in my hosts file so i don’t see that stuff, and redirect just lead to an unloadable deadend

  11. One of the reasons everyone should be using a hosts file and or a browser that has adblock capability. I use both. With Chrome you need to turn off “Reduce data usage” for a hosts file to work and I also use Dolphin which has an adblock addon. Malicious ads getting on trusted websites is not something new.

  12. I’ve seen this on NBC.

  13. This looks like the sort of thing I’d end up ignoring anyway, but thanks for the PSA!

  14. for years i have used webroots virus/malware protection on my nexus phones, even though i don’t need it.
    Once it alerted me to a malicious flashlight app, and has blocked web sites that could be harmful. ( giving me the option to continue)(also trips with web links in texts)
    99% of the time it just sits there, but sometimes it pops up, and when it does i don’t question it.
    I suspect this would be the kind of thing that it would catch.

  15. Damn I just got one of these messages when I was over at droid life. It said my internet browser was out of date

  16. This popped up when i was checking out an imgur link while on the ‘redditisfun’ app.

Leave a reply

Your email address will not be published. Required fields are marked *

More in Apps