Friday, May 2, 2025
HomeAdwareStealthy Android Malware Disguised as an Adblocker and Run in Background By...

Stealthy Android Malware Disguised as an Adblocker and Run in Background By Requesting Fake VPN Connection

Published on

SIEM as a Service

Follow Us on Google News

Researchers observed a stealthy Android malware poses as ad blocker serves full-screen ads while opening the browsers, in the notification section and home widgets.

The malicious app(Ads Blocker V3.9) infection is on the rise, Malwarebytes researchers able to obtain 1,800 samples through their Mobile Intelligence System which shows the infection rate is high.

Good news is the app not distributed from Google play, still, the source of infection is unknown and it targets mainly the users in the united states and also in European countries such as France and Germany.

- Advertisement - Google News

Trouble Starts Right After Installation

After the installation straightaway, the app asks to Allow display over other app rights form the users, once it granted then it shows a fake popup asking for the Connection request.

For an adblocker app, why it requires to connect with a VPN service? yes, it is a fake popup to make the malware run the malware all the time in the background.

Next, it asks to add a home screen widget, once added it hides and the widget is nowhere found. Nathan Collier who analyzed the malware managed to find the widget on a new home screen page.

To make it legit it also includes some jargon codes, once the app installed no icons will be created and it is hard to find. The only clue is the blank white notification and the small key icon status bar.

“If you try to find Ad Blocker on the App info page on your mobile device to remove manually, it once again hides with a blank white box. Also if you click on the blank screen it may lead to uninstall other malware, reads Malwarebytes report.”

Ads Everywhere

It shows ads in all possible places of devices, starting from the basic full-page ad, ads in notifications, ads in the default browser and with the home screen.

Stealthy Android Malware

Researchers believe that Ads Blocker V3.9 is more stealthy than xHelper and is capable of reaching the same rate of infection.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Dutch Services Disrupted by DDoS Attacks From Russian-Affiliated Hacktivists

Multiple Dutch organizations have experienced significant service disruptions this week due to a series...

Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands

A major supply chain security incident has rocked the Python open-source community as researchers...

CISA Issues New ICS Advisories Addressing Critical Vulnerabilities and Exploits

The Cybersecurity and Infrastructure Security Agency (CISA) has issued two new advisories revealing critical...

NVIDIA TensorRT-LLM Vulnerability Let Hackers Run Malicious Code

NVIDIA has issued an urgent security advisory after discovering a significant vulnerability (CVE-2025-23254) in...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

GPUAF: Two Methods to Root Qualcomm-Based Android Phones

Security researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array...

SpyMax Android Spyware: Full Remote Access to Monitor Any Activity

Threat intelligence experts at Perplexity uncovered an advanced variant of the SpyMax/SpyNote family of...

43% of Top 100 Enterprise Mobile Apps Expose Sensitive Data to Hackers

A comprehensive study by zLabs, the research team at Zimperium, has found that over...