{"id":16892,"date":"2019-11-14T13:10:21","date_gmt":"2019-11-14T21:10:21","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/11\/14\/news-10630\/"},"modified":"2019-11-14T13:10:21","modified_gmt":"2019-11-14T21:10:21","slug":"news-10630","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/11\/14\/news-10630\/","title":{"rendered":"Stealthy new Android malware poses as ad blocker, serves up ads instead"},"content":{"rendered":"

Credit to Author: Nathan Collier| Date: Thu, 14 Nov 2019 19:51:58 +0000<\/strong><\/p>\n

Since its discovery less than a month ago, a new Trojan malware for Android we detect as Android\/Trojan.FakeAdsBlock<\/a> has already been seen on over 500 devices, and it\u2019s on the rise. This nasty piece of mobile malware cleverly hides itself on Android devices while serving up a host of advertisements: full-page ads, ads delivered when opening the default browser, ads in the notifications, and even ads via home screen widget. All while, ironically, posing as an ad blocker vaguely named Ads Blocker.<\/p>\n

Upon installation: trouble<\/h3>\n

Diving right into this mobile threat, let\u2019s look at its ease of infection. Immediately upon installation, it asks for Allow display over other apps <\/em>rights.<\/p>\n

\n
\"\"<\/figure>\n<\/div>\n

This is, of course, so it can display all the ads it serves. <\/p>\n

After that, the app opens and asks for a Connection request <\/em>to “set up a VPN connection that allows it to monitor network traffic.” <\/em>Establishing a VPN connection is not unusual for an ad blocker, so why wouldn\u2019t you click OK?\u00a0 <\/em><\/p>\n

\n
\"\"<\/figure>\n<\/div>\n

To clarify, the app doesn\u2019t actually connect to any VPN.\u00a0 Instead, by clicking OK, <\/em>users actually allow the malware run in the background at all times.<\/p>\n

Next up is a request to add a home screen widget.<\/p>\n

\n
\"\"<\/figure>\n<\/div>\n

This is where things get suspicious. The added widget is nowhere to be found. On my test device, it added the widget to a new home screen page.\u00a0 Good luck finding and\/or clicking it though.<\/p>\n