Cybersecurity researchers have discovered a new piece of malware for Android that serves up ads. Malware detected as Android/Trojan.FakeAdsBlock has already spread across more than 500 devices. It remains hidden on Android devices. Funnily enough, this malware poses as an ad blocker. In spite of that, it serves up a host of ads. Researchers at Malwarebytes explain how easily it can spread. As soon as the app is installed, it asks for permission to 'Allow display over other apps.' If you allow this, it will be able to display all the ads it serves.
Later on, it will ask for a Connection request to 'set up a VPN connection that allows it to monitor network traffic.' Chances are users will most likely tap 'OK.' since establishing a VPN connection is not unusual for an ad blocker. But this is where things get interesting. The app doesn’t actually connect to any VPN. Instead, tapping 'OK' allows the malware to run in the background at all times.
Then it will request to add a home screen widget. Raising suspicion, the added widget will be nowhere to be found. More often than not, it will be added to a new home screen page. The fake ad blocker app contains a lot of random characters and strings to show the app is legit and the app is doing its job of blocking ads. But in reality, that is not the case at all.
It will be very difficult to find any clue that the app is working including blank notification box, a blank icon in the app settings and more. Tapping on these blank options seeks permission to 'Install unknown apps' so that it could allow for the installation of even more malware. To make things worse, the app even sends ads in notifications.
"Needless to say, this stealthy Android malware that plasters users with vulgar ads is not what folks are looking for when they download an ad blocker. Unfortunately, we have already counted over 500 detections of Android/Trojan.FakeAdsBlock," Malwarebytes said in its blog post.
"Moreover, we collected over 1,800 samples in our Mobile Intelligence System of FakeAdsBlock, leading us to believe that infection rates are quite high. On the positive side, Malwarebytes for Android removed more than 500 infections that are otherwise exceedingly difficult to remove manually," Malwarebytes added.
Protecting against mobile malware is of paramount importance. All you need to do is beware of third-party app stores and have a backup in case apps like Ads Blocker have your data deleted or compromised.