An ad blocker supposedly provides protection to users against aggressive advertisements. However, researchers have found a fake Android ad blocker that actually barrages users with ads.
Fake Android Ad Blocker Found
Researchers from Malwarebytes have discovered a malicious ad blocker targeting Android users. This fake ad blocker, instead of blocking ads, itself works as adware.
As elaborated in a blog post, an app named ‘Ads Blocker’ has emerged online claiming to be an ad blocker. However, the researchers found that it actually displays ads on the target devices.
In brief, following its installation, the app begins seeking odd permissions from the user. For instance, it requires permission to display over other apps – certainly, a typical adware feature. Then, it charms the user to allow it to connect with some VPN by showing a nice message (see below).
While the user happily clicks ‘OK’ to allow VPN, he unknowingly allows the app to execute the malware in the background.
Then, the app asks a user to allow adding a widget to the home screen. Though a user won’t mind allowing it, the problem lies because of the invisibility of this widget.
After going through such vague steps, the app finally becomes invisible with no icon. The user then only views a small key icon in the status bar.
Moreover, there is a seemingly undetectable blank notification bar as well on the screen.
Tapping this bar then seeks permission to download more malware. According to the researchers,
If you happen to press this blank notification, it will ask permission to Install unknown apps with a toggle button to Allow from this source. In this case, the source is the malware, and clicking on it could allow for the capability to install even more malware.
Though the app goes invisible after installation, the user may notice its presence in the app settings where it appears as a plain box. Hence, at this point, the user may choose to uninstall this so-called adblocker.
Beware Of This Ad Blocker
Leveraging its features and permissions, this fake ad blocker generates numerous ads frequently. It either displays them as full-screen ads, shows them up as notifications, or can generate ads through browsers. In addition, it also uses that blank home screen widget to show ads.
Presently, researchers found this malicious Android app (Android/Trojan.FakeAdsBlock) to have a high infection rate.
According to VirusTotal detections, it seems the app is primarily spreading in the United States via third-party app stores. In some cases, the malware also disguised itself as movie apps. Whereas, it is also targeting users in France and Germany as well.
Let us know your thoughts in the comments.