Malware Disguised as Ad Blocker Infects Android Devices

Malware Disguised as Ad Blocker Targets Android Users

Experts at Malwarebytes have discovered an interesting malicious Android app that pretends to be an ad blocker but is actually designed to show unwanted ads to users. The malware, named FakeAdsBlock, has already infected at least 500 devices. However, after collecting more than 1,800 samples of the malware, researchers believe the total number of infections is much higher.

How FakeAdsBlock Spreads

FakeAdsBlock is distributed through third-party app stores, where it appears as an ad-blocking app called Ads Blocker. Even worse, experts have also noticed that FakeAdsBlock was hidden in other apps under names like Hulk (2003).apk, Guardians of the Galaxy.apk, and Joker (2019).apk. These names clearly show that the creators of the malware tried to spread it through a fake streaming portal. In other words, users looking to watch a pirated movie end up installing a malicious app infected with FakeAdsBlock.

How the Malware Works

During installation, the fake ad blocker asks for permission to display content over other apps. This is already suspicious for an app that’s supposed to block content, not show it over other apps. Next, FakeAdsBlock requests access to set up a VPN connection, which is also strange. In reality, the app never connects to a VPN; instead, clicking “OK” simply allows the malware to always run in the background.

FakeAdsBlock also asks for permission to display a widget on the device’s home screen. At first glance, this doesn’t make sense either, since an ad blocker doesn’t need to show widgets. Researchers explain that the malware uses a transparent widget, inside which it loads ads at regular intervals. Since the ads are displayed inside the widget, it’s impossible to get rid of them unless the user removes the widget. But because the widget is invisible, the user doesn’t even know it exists.

After Installation

Once installation is complete, the app disappears from the victim’s view. The malware deletes its icon and starts bombarding the user with ads that appear everywhere and in many different forms. Full-screen ads, spam notifications, and websites that suddenly open and prompt the user to enable new notifications all start to appear.

How to Remove FakeAdsBlock

You can only remove FakeAdsBlock through the settings by going to the list of Android apps. The app is easy to spot here because it’s the only one without an icon or name. Clearly, the creators of FakeAdsBlock tried to hide these details to make the app harder to notice, but it actually had the opposite effect.
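
The traits described under "How the Malware Works" and in the removal steps above can be checked together when triaging a sideloaded APK. The following is an added example, not code from Malwarebytes or from the malware itself. It assumes the manifest has already been decoded to text XML, that the described behaviors appear as the standard Android permission and intent names shown, and that the missing name and icon show up as absent label and icon attributes; the sample manifest and package name are constructed.

```python
import xml.etree.ElementTree as ET  # for untrusted input, a hardened parser such as defusedxml is preferable

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for a hypothetical app; not taken from a real FakeAdsBlock sample.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.adsblocker">
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <service android:name=".Tunnel" android:permission="android.permission.BIND_VPN_SERVICE">
      <intent-filter><action android:name="android.net.VpnService"/></intent-filter>
    </service>
    <receiver android:name=".Widget">
      <intent-filter><action android:name="android.appwidget.action.APPWIDGET_UPDATE"/></intent-filter>
    </receiver>
  </application>
</manifest>
""".strip()


def triage(manifest_xml):
    """Return which of the article's four traits appear in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    actions = {a.get(ANDROID + "name") for a in root.iter("action")}
    findings = []
    if "android.permission.SYSTEM_ALERT_WINDOW" in perms:
        findings.append("overlay permission (display over other apps)")
    if any(s.get(ANDROID + "permission") == "android.permission.BIND_VPN_SERVICE"
           for s in root.iter("service")):
        findings.append("declares a VPN service")
    if "android.appwidget.action.APPWIDGET_UPDATE" in actions:
        findings.append("registers a home-screen widget")
    # Assumption: the nameless, iconless entry in the app list corresponds to
    # an <application> element with neither android:label nor android:icon.
    if app is not None and not app.get(ANDROID + "label") and not app.get(ANDROID + "icon"):
        findings.append("no application label or icon")
    return findings


def is_suspicious(manifest_xml, threshold=3):
    """Each trait is common on its own; flag only when several occur together."""
    return len(triage(manifest_xml)) >= threshold


if __name__ == "__main__":
    for finding in triage(SAMPLE_MANIFEST):
        print("-", finding)
    print("suspicious:", is_suspicious(SAMPLE_MANIFEST))
```

A match is a reason to look closer, not a verdict: legitimate VPN-based ad blockers also declare a VPN service, and many benign apps ship widgets.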
