A fake ad blocker that is available outside of Google Play bombardes Android users with advertisements, many of which are vulgar, and to make matters worse, the cleverly hidden adware is difficult to remove.

As documented by antimalware provider Malwarebytes, Ads Blocker, as the app is called, uses various tricks to secretly and constantly bombard users with advertisements. The first is simply to request usage rights for display on other apps. A connection request is then made to ‘set up a VPN connection that can be used to monitor network traffic’. Finally, it seeks permission to add a widget to the home screen.

By approving the VPN connection – a standard requirement for some legitimate adblockers – Ads Blocker can run in the background at any time. Combined with the permission to display above other apps, the app is free to plaster advertisements in various aggressive and annoying ways. It displays advertisements on a full page on the screen. It delivers advertisements in the standard browser. It contains advertisements in notifications. And it places ads in the home screen widget.

Enlarge / There is no icon for blocking advertisements. “This Android malware is absolutely ruthless in its ad delivery and frequency,” wrote researcher Nathan Collier from Malwarebytes. “In fact, while writing this blog, it displayed countless advertisements on my test device with a frequency of about once every few minutes.”

The content of the advertisements is broad, including some, Collier wrote, which are ‘unpleasant’ or even ‘vulgar’.

Equally annoying is the difficulty in removing the fake ad blocker from devices. Ads Blocker has no icon. No mention is made of Ads Blocker in the App info section of the Android settings, because the app shields the name with a white box. Hiding leaves many people struggling to remove the app. A white box appears above the notification box. If you press the box, a dialog box appears asking you for permission to install more apps.

Enlarge / The name of the fake ad block will be removed from the App Info section of Android.

Malwarebytes

Collier then described a simple way to remove the app by searching for an entry with a storage size of 6.57 megabytes in the App Info section of the Android settings. Users can then select that item and use the Delete button.

This method did not seem to work on Android 10, because the App Info box does not display storage formats (at least not on the device I used). An alternative method would be to gain access to Storage in the Android settings and choose the Apps tab. Although the name and icon of the Blocker for ads are not displayed, the use of 6.57 MB should still be displayed. Users can then press the 6.57MB item, click on the screen directly above the “delete storage” and “delete cache” icons and choose uninstall. People can also use the free version of Malwarebytes for Android to remove the app.

Malwarebytes researchers still don’t know how Ads Blocker is distributed. Data in malware scan service VirusTotal suggests that the app spreads in the United States, probably when people are looking for an adblocker from a third-party app store. A forum post on a French website and a file name in the German language prove that the app may also be distributed in Europe.

So far, the Malwarebytes app has only detected 500 infections. After collecting more than 1,800 samples from the app, company researchers suspect that the total number of infections is much higher.

Similar Posts

Leave a Reply