Malwarebytes experts discovered an interesting malicious Android application. The malware masquerades as an ad blocker, but is actually intended to display unwanted ads to users.
The malware was named FakeAdsBlock and has already infected at least 500 devices. However, having collected more than 1800 samples of the malware, the researchers believe that the total number of infections is much higher. FakeAdsBlock is distributed through third-party application directories, where it appears as an ad-blocking application called Ads Blocker. Even worse, experts also noticed that FakeAdsBlock was hiding in other applications under the names Hulk(2003).apk, Guardians of the Galaxy.apk and Joker(2019).apk.
“These names clearly indicate that the creators of the malware tried to transfer the spread of malware to a fake streaming video portal. That is, users want to watch a pirated movie, and ultimately install a malicious application infected with FakeAdsBlock,” say the researchers.
During installation on the device, the fake blocker requests permission to display content on top of other applications. This is already rather strange for an application whose task is to block content, not to show content on top of other content. Then FakeAdsBlock asks for permission to establish a VPN connection, which is also quite suspicious. In fact, the application does not connect to a VPN at all; instead, clicking the “OK” button allows the malware to always run in the background.
FakeAdsBlock also requests permission to display a widget on the device’s home screen. At first glance, this also makes no sense, because ad blockers do not need to show widgets.
“The malware actually uses a transparent widget, inside which it loads ads at regular intervals. Since ads are displayed inside the widget, it is impossible to get rid of them unless the user removes the widget. However, since the user of the widget does not see it, he does not know at all that it exists,” explain the researchers.
This completes the installation, and the application disappears from the victim’s field of view for good. The malware removes its icon and begins to bombard the user with ads that appear everywhere and in a variety of forms: full-screen ads, spam notifications, and sites that suddenly open and prompt the user to enable new notifications.
How to get rid of malware?
You can remove FakeAdsBlock only through the settings, by going to the list of Android applications. The application is easy to find there, as it is the only application that does not have an icon and a name. Obviously, the authors of FakeAdsBlock wanted to hide these details so that the application would be harder to notice, but everything turned out quite the opposite.
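The combination described above (overlay permission, a VPN request, a home-screen widget, and an entry with no icon or name) can also be checked statically in a decoded AndroidManifest.xml. The following Python sketch is an added example, not code from Malwarebytes or from the original article. It assumes that the article's requests map to the standard platform identifiers `SYSTEM_ALERT_WINDOW`, `BIND_VPN_SERVICE` and `APPWIDGET_UPDATE`, and that a blank `android:label` with no `android:icon` produces the nameless entry; the manifest and the package name `com.example.adsblocker` are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical package, built to
# mirror the behaviour described in the article (not a real malware sample).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.adsblocker">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application android:label="">
    <service android:name=".Tunnel"
             android:permission="android.permission.BIND_VPN_SERVICE">
      <intent-filter><action android:name="android.net.VpnService"/></intent-filter>
    </service>
    <receiver android:name=".Widget">
      <intent-filter><action android:name="android.appwidget.action.APPWIDGET_UPDATE"/></intent-filter>
    </receiver>
  </application>
</manifest>"""


def triage_manifest(xml_text):
    """Return the article-described traits found in a decoded manifest."""
    root = ET.fromstring(xml_text)
    findings = []
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if "android.permission.SYSTEM_ALERT_WINDOW" in perms:
        findings.append("overlay")           # draw on top of other applications
    if any(s.get(ANDROID + "permission") == "android.permission.BIND_VPN_SERVICE"
           for s in root.iter("service")):
        findings.append("vpn_service")       # leads to the VPN consent dialog
    actions = {a.get(ANDROID + "name") for r in root.iter("receiver")
               for a in r.iter("action")}
    if "android.appwidget.action.APPWIDGET_UPDATE" in actions:
        findings.append("home_widget")       # home-screen widget provider
    app = root.find("application")
    # Assumption: blank label and no icon give the nameless entry in Settings.
    if app is not None and not (app.get(ANDROID + "label") or "").strip() \
            and not app.get(ANDROID + "icon"):
        findings.append("no_label_or_icon")
    return findings


def is_suspicious_blocker(xml_text):
    """Flag only when all three install-time requests co-occur."""
    return {"overlay", "vpn_service", "home_widget"} <= set(triage_manifest(xml_text))


if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST), is_suspicious_blocker(SAMPLE_MANIFEST))
```

Each trait on its own is common in legitimate apps, so the check only flags the co-occurrence of all three requests.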