“Congratulations, you won” scam started bothering Android users

“Congratulations, you won” pop-ups found the way to reach Android users

It’s nearly impossible to find a person who has never seen “Congratulations, you won”^[1] pop-up when browsing the web. This old scam wants to give netizens a hope that they won iPhone, iPad, Samsung Galaxy or various gift vouchers. However, they have to take one simple step in order to claim the prize – to complete the survey.

If you ever tried to fill the questionnaire, you probably have realized that it’s a scam. No one gives you a prize no matter how many surveys you complete. However, computer users are still quite easy to trick by hoaxes like “Congratulations Amazon User,” “You have won(1) Microsoft Gift today” or similar which uses the names of popular companies.

There might be several purposes of these scams. First, developers generate revenue from filled surveys. However, the second reason is more important and threatening – collect sensitive user’s data, such as phone numbers.

Nevertheless, scammers bother Windows users for years; they also managed to step into Android devices. Researchers from Symantec reported^[2] about active “Congratulations, you won” malware distribution in Singapore, where users can receive a fake Giant and FairPrice^[3] gift vouchers.

Android malware allures users with fake grocery store vouchers and gaming consoles

Security firm Symantec reported about new Android virus that spreads the old “Congratulations, you won” scam. Detected as Android.Fakeyouwon, malware checks affected device’s IP address in order to identify the location and deliver targeted scam.

The research tells that malware has a big ad library that includes numerous fake coupons and rewards from popular local shops. The analysis of the campaign Singapore tells that scammers offer one of the three gifts for Android users:

• $1000 Fair Price or Giant (grocery stores) vouchers;
• gaming consoles;
• mobile handset.

However, in order to claim the prize, people are asked to fill the survey. Once you fill the questionnaire, you will be asked to enter some contact information, such as full name, email or phone number. But giving personal information to cyber criminals won’t bring your desired prize.

Fakeyouwon malware can pretend to be a legitimate app

Infiltration of mobile “Congratulations, you won,” or Fakeyouwon, malware barely differs from the desktop version of a cyber threat. It typically arrives as a legitimate application. What is interesting, these apps usually do not ask for lots of permission in order not to raise suspicions for the users.

However, researchers warn that this might be just the beginning of new era of mobile scams. Thus, malware can be updated and find the way how to trick Android users into giving “advice admin” rights.

Thus, we would like to remind users not to download apps from third-party stores and stick to Google Play Store. Indeed, it does not guarantee 100% security.^[4] However, if you do your research before installing the app, your chances to get infected with Fakeyouwon or another mobile malware^[5] are significantly lower.

Additionally, if you encounter a pop-up congratulating you on winning a great prize, don’t get excited. Remember, that no one gives you latest iPhone or thousands of dollars worth gift cards for free. Scammers ask for the personal details in order to commit further crimes, and you will be left with increased phone bill or more serious privacy issues.