Recently, Security researchers discovered that there’s an Android malware disguised as ad blocker and later on annoys users with pop-up ads. When this malware-ridden app is installed on an Android phone it starts annoying users with multiple ads popping up after every couple of minutes. This malware app named FakeAdsBlock already infected more than 500 users as reported by Malwarebytes who spotted this malware in the first place. According to Nathan Collier, some evidence found displays that the same FakeAdsBlock malware can also be seen hidden in apps named ‘Hulk (2003).apk’ ‘Guardians of the Galaxy.apk’ and ‘Joker (2019).apk’. According to the researcher, the creators of malware use various trending movie names in a pattern to shift their distribution among various users. Users who are looking for various new sources to watch pirated movies end up installing malicious apps like these and this distribution vector isn’t something user will see for the first time its been used before especially with the apps that give access to users for adult movies.
According to sources, the malware disguised in ad-blocking apps use a transparent widget to display ads at regular intervals and the as the ads displayed on the screen are shown inside a widget, user can only close the ads from the inside of the widget but as users are unaware of the widget existing on the first place so they never know where to look for the widget or how to cancel the ads at all.
Read next: Google seeks the help of security firms to check the Play Store for malware
What is FAKEADSBLOCK?
This malware is something beyond normal malware especially the way it displays ads to users. This malware starts during the installation process when an Ad Blocker app with hidden malware asks for permission from users to display content over various other apps. If you take a look at the permission process you’ll find it odd to grant access to display content on apps where its only goal is to remove content. But that’s not the only shady part, later on, the app will ask for access to install a VPN connection on your phone which again is something pretty shady if you ask any security expert. When users click OK the actually grant access to run the malware in the background all the time. The FakeAdsBlock malware also asks for permission from the user to display a widget on the home screen of the device which doesn’t make sense at all. After finishing all the requirements for a moment the app displays some text scrolling down on the screen and later on disappears forever. The icon of the malware is removed from the home of the phone and then the bombardments of the ads begin. Various formats of ads begin popping up on the screen including full-screen ads, notifications spam and even websites that open without the users' consent. One of the most untrustworthy tricks that we haven’t seen before is the use of a home screen widget to display ads on the device of the user.According to sources, the malware disguised in ad-blocking apps use a transparent widget to display ads at regular intervals and the as the ads displayed on the screen are shown inside a widget, user can only close the ads from the inside of the widget but as users are unaware of the widget existing on the first place so they never know where to look for the widget or how to cancel the ads at all.
How to know such malware exists on the phone?
It is pretty difficult to find such malware on mobile devices once installed as there are no icons for Ads Blocker but some hints of the existence of such apps can help users identify such malware on their phones. After accepting a fake VPN connection message via the malware app a small key icon is created and this small key can help prove that the malware is already running in the background. Once the user identifies the existence of such malware on their phones they can easily go to their Android OS app setting and remove it the same as any other Android app. The malware app should be easy to be identified as it is always without any icon or name.
Read next: Google seeks the help of security firms to check the Play Store for malware
