FakeAdsBlock floods Android devices with fake ads

Android ad - Featured image

FakeAdsBlock is the ironic name of a Trojan spreading rapidly through the Android user community.

Malwarebytes discovered the malware in October 2019, estimating that only about 500 mobile devices had been affected at that time. The Trojan is disguised as an ad-blocking app, but in fact its effects are the opposite: FakeAdsBlock floods infected systems with countless ads.

Malwarebytes updated its detect-and-repair software in response to the FadeAdsBlock threat, but the company reports that the malicious software has continued to spread, particularly in the United States, since it was detected. 

FakeAdsBlock overruns infected Android devices with full-page ads, ads when opening the default browser, ads in the notifications, and even ads via home-screen widget. Since it poses as an ad-blocking app, FakeAdBlock infiltrates phones and tablets easily by tricking users into voluntarily allowing full access. 

The Trojan is very hard to detect once installed. The software doesn’t have an icon, and the only clue of its existence comes in the form of a small key symbol located in the status bar. If you recognize these symptoms, go to the November 14 Malwarebytes report and learn how to remove it from your system.

According to experts, the Trojan is “absolutely relentless in its ad-serving capabilities and frequency,” serving voluminous pop-ups and other ads in a matter of minutes. 

The discovery of this malware comes amid a significant increase in attacks directed toward Android devices. Malwarebytes has noted a significant increase in viruses and Trojans targeting Android systems. For example, a malicious app called xHelper infected more than 33,000 Android devices in August. Like FakeAdsBlock, xHelper was difficult to detect and trace.

Other reports of adware and malware are also on the rise. Users were put on alert after Kryptowire, a renowned security firm, revealed that as many as 146 vulnerabilities come pre-installed on popular mobile devices from Xiaomi, Samsung, and Sony. The list eventually expanded to 29 manufacturers, all more vulnerable than previously suspected.

MalwareBytes analyst Nathan Collier says FakeAdsBlock is most likely infecting devices through software at a third-party app store. There is at present no evidence suggesting the virus has been distributed through the Google Play app store.

Although its origins remain unknown, FakeAdsBlock is suspected to be related to a movie app store, as some of the infected files have names like Hulk (2003).apk, Guardians of the Galaxy.apk, and Joker (2019).apk.