110 free spins, whoo!

So today I received a casual ad trying to trick me into clicking a shady link. I’ve gotten these before on my phone, but this time it was not only a message, it was a pop-up. To me this says that there is some sort of malicious crap on my phone itself, but what do I know eh? The text basically translates to “Primeslots now has a million euro grand prize, click here to receive 110 free spins”, nothing special to see here. It was easy enough to make the pop-up go away, all I had to do was to push the home key. Though after doing that I couldn’t open my messages without getting the same exact pop-up. At this point I turned to avast, but it said my phone was all fine and couldn’t detect any problems.

After turning off the whole messages app on my phone and clearing it’s cache the problem went away. Though that couldn’t have solved the problem completely, right? Also, I have no idea what the number at the bottom of the pop-up means, as it’s not my number and it’s not the “callers” number, which the pop-up says it is (probably just bad translation by whoever wrote that). The title of the pop-up is also misleading (viesti = a new message), as I couldn’t find any message related to this after getting the app to show my actual private messages. I can’t find any new files on my phone and haven’t installed anything shady lately, so I have nothing to go by… There was actually a message sent to everyone in my family, including phones that aren’t being used all that much and can’t even access the internet to receive their “110 free spins”, which makes me think my phone just deleted the message it had received or clearing cache got rid of it…? I honestly don’t know, so I’m asking if anyone has had anything similar happen to them or know of any solutions?

I should probably also point out that I’ve used Avast mobile in the past when I’ve had problems with my phone, but I don’t keep it constantly installed in order to save processing power. The phone I’m using is a rooted Samsung trend plus, which is still using It’s stock OS (4.2.2). The website linked in the pop-up (bit.ly/Primebonus) is non-malicious according to virustotal, but of course clicking either “cancel” or “save” wouldn’t necessarily have even sent me to a website.

Hi, what you have described above is a new form of extremely aggressive advertisement, these URLs emerge very fast these days, so thanks for reporting this one, we will block it immediately.
More on our blog: https://blog.avast.com/fake-antivirus-apps-mobile-browser