Monday, May 19, 2025
HomeAdwareStealthy Android Malware Disguised as an Adblocker and Run in Background By...

Stealthy Android Malware Disguised as an Adblocker and Run in Background By Requesting Fake VPN Connection

Published on

SIEM as a Service

Follow Us on Google News

Researchers observed a stealthy Android malware poses as ad blocker serves full-screen ads while opening the browsers, in the notification section and home widgets.

The malicious app(Ads Blocker V3.9) infection is on the rise, Malwarebytes researchers able to obtain 1,800 samples through their Mobile Intelligence System which shows the infection rate is high.

Good news is the app not distributed from Google play, still, the source of infection is unknown and it targets mainly the users in the united states and also in European countries such as France and Germany.

- Advertisement - Google News

Trouble Starts Right After Installation

After the installation straightaway, the app asks to Allow display over other app rights form the users, once it granted then it shows a fake popup asking for the Connection request.

For an adblocker app, why it requires to connect with a VPN service? yes, it is a fake popup to make the malware run the malware all the time in the background.

Next, it asks to add a home screen widget, once added it hides and the widget is nowhere found. Nathan Collier who analyzed the malware managed to find the widget on a new home screen page.

To make it legit it also includes some jargon codes, once the app installed no icons will be created and it is hard to find. The only clue is the blank white notification and the small key icon status bar.

“If you try to find Ad Blocker on the App info page on your mobile device to remove manually, it once again hides with a blank white box. Also if you click on the blank screen it may lead to uninstall other malware, reads Malwarebytes report.”

Ads Everywhere

It shows ads in all possible places of devices, starting from the basic full-page ad, ads in notifications, ads in the default browser and with the home screen.

Stealthy Android Malware

Researchers believe that Ads Blocker V3.9 is more stealthy than xHelper and is capable of reaching the same rate of infection.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives

Advanced persistent threat (APT) groups with ties to China have become persistent players in...

Cache Timing Techniques Used to Bypass Windows 11 KASLR and Reveal Kernel Base

Cache timing side-channel attacks have been used to circumvent Kernel Address Space Layout Randomization...

Hackers Exploit AutoIT Scripts to Deploy Malware Targeting Windows Systems

Cybersecurity researchers have unearthed a sophisticated attack leveraging AutoIT, a long-standing scripting language known...

New Report Finds 67% of Organizations Experienced Cyber Attacks in the Last Year

A disturbing 67% of businesses in eight worldwide markets—the US, UK, Spain, the Netherlands,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild 

Google has released critical security patches for Android devices to address 57 vulnerabilities across...

GPUAF: Two Methods to Root Qualcomm-Based Android Phones

Security researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array...

SpyMax Android Spyware: Full Remote Access to Monitor Any Activity

Threat intelligence experts at Perplexity uncovered an advanced variant of the SpyMax/SpyNote family of...