Wednesday, February 21, 2024

Stealthy Android Malware Disguised as an Adblocker and Run in Background By Requesting Fake VPN Connection

Researchers observed a stealthy Android malware poses as ad blocker serves full-screen ads while opening the browsers, in the notification section and home widgets.

The malicious app(Ads Blocker V3.9) infection is on the rise, Malwarebytes researchers able to obtain 1,800 samples through their Mobile Intelligence System which shows the infection rate is high.

Good news is the app not distributed from Google play, still, the source of infection is unknown and it targets mainly the users in the united states and also in European countries such as France and Germany.

Trouble Starts Right After Installation

After the installation straightaway, the app asks to Allow display over other app rights form the users, once it granted then it shows a fake popup asking for the Connection request.

For an adblocker app, why it requires to connect with a VPN service? yes, it is a fake popup to make the malware run the malware all the time in the background.

Next, it asks to add a home screen widget, once added it hides and the widget is nowhere found. Nathan Collier who analyzed the malware managed to find the widget on a new home screen page.

To make it legit it also includes some jargon codes, once the app installed no icons will be created and it is hard to find. The only clue is the blank white notification and the small key icon status bar.

“If you try to find Ad Blocker on the App info page on your mobile device to remove manually, it once again hides with a blank white box. Also if you click on the blank screen it may lead to uninstall other malware, reads Malwarebytes report.”

Ads Everywhere

It shows ads in all possible places of devices, starting from the basic full-page ad, ads in notifications, ads in the default browser and with the home screen.

Stealthy Android Malware

Researchers believe that Ads Blocker V3.9 is more stealthy than xHelper and is capable of reaching the same rate of infection.


Latest articles

Beware of VietCredCare Malware that Steals businesses’ Facebook Accounts

A new cybersecurity threat targeting Facebook advertisers in Vietnam, known as VietCredCare, has emerged....

Google Chrome 122 Update Addresses Critical Security Vulnerabilities

Google has recently unveiled Chrome 122, a significant milestone for the widely used web...

New Malicious PyPI Packages Use DLL Sideloading In A Supply Chain Attack

Researchers have discovered that threat actors have been using open-source platforms and codes for...

New Mingo Malware Attacking Linux Redis Servers To Mine Cryptocurrency

The malware, termed Migo by the creators, attempts to infiltrate Redis servers to mine cryptocurrency on...

Security Onion 2.4.50 Released for Defenders With New Features

Security Onion Solutions has recently rolled out the latest version of its network security...

VMware Urges to Remove Enhanced EAP Plugin to Stop Auth & Session Hijack Attacks

VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin...

LockBit Ransomware Members Charged by Authorities, Free Decryptor Released

In a significant blow to one of the most prolific ransomware operations, authorities from...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles