How to remove the Higopo.com virus spam from Android

We were recently notified by our readers of a scam called Higopo.com. It’s been running for the better part of a month now, and at first we didn’t want to cover it at all, since we deal with malware, and not plain scams.

But after researching the subject, it turned out it’s not only a scam but malware as well. Color me surprised, since the Higopo.com virus is the first significant Android malware I’ve seen in a year.

Higopo.com virus removal guide for Android

We want to give you all the information on the subject you might need. Removing the Higopo.com notifications is actually quite simple, at least on Android. But we want to cover a few more points in this guide, because they will benefit you. For example:

  • What happens if you clicked to allow further notifications from other sites?
  • How do you protect your phone if the Higopo.com spam reappears?
  • What if you got confused by one of Higopo’s virus notifications and you did something like inputting personal data?
  • A lot of the traffic that redirects from Higopo.com is linked to infected Android apps. What should you do if you mistakenly input your account and password and the virus already has it?

But let’s not get too far ahead. Before we cover all this, let’s give you the means to stop the notifications in the first place.

First, tap the three dots on the upper right in Chrome and go into your Settings.
Go into the Notifications tab and block all notifications (switch off “Show notifications”) for the time being, to stop the spam until you remove the Higopo.com virus.

[Image: Chrome Notifications on Android]

Next, go to Site Settings. You need to do two things here. One is to make sure no site settings were changed by the malware. We are giving you the defaults here, but of course you’re free to change them to whatever you want. Notifications should be set to “Ask first”. Scroll down: Pop-ups and redirects should be blocked. We also recommend setting Third-party cookies to Block, although that’s not the default.

[Image: Site Settings]

The other thing you need to do is tap on All Sites near the top. This will send you to a new menu. First find Higopo.com in here and tap the trash icon next to it.
After that, tap the “Delete browsing data” message at the top of the menu. Set the next menu as follows: delete Browsing history from the time you started receiving notifications, Cookies and site data, and Site settings, as seen in the image below. Just pick the time range you want instead of “All time”.

[Image: Delete Browsing Data]

All of this sounds a little extreme, but it’ll remove the Higopo.com virus. The bigger issue is how this happened in the first place. From the research I did and some comments from readers, it screams to me of an as-yet-unpatched vulnerability in some Android apps.

What to do after removing the Higopo.com virus spam?

It’s difficult to speculate – I rushed to post the solution here. I will update the guide if I find more information. But for now allow me to give you some more pointers that can protect you.

My research suggests the notifications can take the following forms: expiring subscriptions, blocking ads, McAfee antivirus being out of date, refunds, deposits, or your Microsoft or Google account being locked. The important note here is NOT TO ENGAGE WITH THE NOTIFICATIONS. Don’t tap anything; just ignore the notifications if they reappear. Clean your browser fully again like you did above.

The next step at that point is to check and uninstall any app you downloaded right before the notifications first appeared. The infection happens in an as-yet-unidentified manner. I’ve read messages and DM-ed infected people asking them how it started.
I heard a lot of different and conflicting accounts. Some people said they just scanned QR codes with an app they had used 100 times. Others said they sideloaded some apps. A third group said they had downloaded a 2-factor authentication app.
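
One way to shortlist those recently installed apps from a computer, as an added example that is not part of the original guide: it filters the saved text output of `adb shell dumpsys package packages` by first-install time. The sample dump, package names, dates and the `recent_installs` helper are constructed for illustration, and the exact field layout varies between Android versions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample shaped like `adb shell dumpsys package packages` output.
# Package names and dates are made up; the field layout varies by Android version.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.qrscan] (1a2b3c4):
    userId=10231
    installerPackageName=com.android.vending
    firstInstallTime=2023-11-02 08:14:55
  Package [com.example.tvplayer] (5d6e7f8):
    userId=10298
    installerPackageName=null
    firstInstallTime=2024-05-09 21:40:03
  Package [com.example.authenticator2fa] (9a0b1c2):
    userId=10299
    installerPackageName=com.android.vending
    firstInstallTime=2024-05-11 07:02:19
"""

PLAY_STORE = "com.android.vending"
HEADER = re.compile(r"^[ \t]*Package \[([^\]]+)\]", re.M)
STAMP = re.compile(r"firstInstallTime=(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")

def recent_installs(dump, first_spam, days_before=7):
    """Apps first installed in the days before the spam began, newest first."""
    window_start = first_spam - timedelta(days=days_before)
    headers = list(HEADER.finditer(dump))
    hits = []
    for i, head in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(dump)
        body = dump[head.end():end]
        stamp = STAMP.search(body)
        if not stamp:
            continue  # entry carries no install time, nothing to compare
        installed = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
        if not window_start <= installed <= first_spam:
            continue
        src = re.search(r"installerPackageName=(\S+)", body)
        hits.append({"package": head.group(1), "installed": installed,
                     "from_play_store": bool(src) and src.group(1) == PLAY_STORE})
    return sorted(hits, key=lambda h: h["installed"], reverse=True)

if __name__ == "__main__":
    # Assumed date of the first spam notification (constructed for the sample).
    for h in recent_installs(SAMPLE_DUMP, datetime(2024, 5, 12, 9, 0)):
        source = "Play Store" if h["from_play_store"] else "other installer"
        print(h["installed"], h["package"], source)
```

An app appearing in this list is only a candidate for review; apps installed from a source other than the Play Store are the ones to look at first.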

The other theoretical possibility is that you were using unsafe public WiFi that was infected when this happened. This is the plausible explanation if you didn’t download anything and just browsed, or downloaded a legitimate app on a public network. Infected networks can serve you more than what you download or access on them.

What to do if you fell for the Higopo.com spam?

At any rate, cleaning your browser settings should be enough. But that’s not the case if you engaged with or believed the notifications. One user claimed higopo.com redirected him and asked for a user name and password when he attempted to access a TV app account.

If you input anything – and even if you didn’t – we recommend changing all recurring passwords, especially for websites you visited after the higopo.com virus started sending you notifications.

Is it possible Higopo.com isn’t a scam?

Frankly, no. You are dealing with criminals here. This means you should be extra vigilant, because they are likely to be aggressive in some way. Again – I recommend resetting your passwords for all sensitive accounts.
The higopo.com website is a thinly-veiled fake that’s pretty easy to spot.

[Image: Higopo.com’s website]

It’s essentially positioned as marketing material full of empty words, but when you go to the About Us section (or Service, for that matter), there’s no data there. No legally operating site will skimp on these details. Higopo.com is just the front for whatever scam its advertisers want to trick you with. It will disappear as soon as a real investigation is conducted, and the scammers will create a new entity.


About the author

Nathan Bookshire
