'Ads Blocker' Mobile Malware
The 'Ads Blocker' mobile malware is designed specifically to infect Android devices. The threat is equipped with numerous invasive functionalities, and its actions could still impact the breached device long after the malware itself has been removed. The application could be installed as 'Ads Blocker V16.1' on the victim's device. However, finding it could be difficult, as the threat hides its files. For example, it will not appear among the items listed in the easy-access applications list. To find the threat, users will need to navigate to the application list available via the device settings. However, even there, the Ads Blocker entry will not have a name or an icon.
When installed, Ads Blocker will ask for several important permissions, which it will proceed to exploit to access the device's calendar and obtain the ability to overlay other applications. The malware will access the user's calendar and create or inject numerous deceptive or fake events, potentially hundreds of them. Victims will subsequently start to receive constant notifications about events promoting dubious or even unsafe online content. The events created in this manner could persist even after Ads Blocker has been deleted. To be sure that all fraudulent events are removed, users may have to manually delete them one by one.
Thanks to the overlay permissions, Ads Blocker could essentially hijack the browser applications on the device. When users try to initiate a Web search, the malware will redirect them to a promoted search engine instead of the one they have set as default. As a result of the overlay window, users will see two URL bars: one showing their default search engine, and the other containing the redirect chain initiated by the threat. Infosec researchers have observed Ads Blocker causing redirects to the 'ubersearch.ch' website. This site belongs to a dubious search engine that generates mostly untrustworthy and low-quality results.
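The traits described above (no entry in the launcher, a blank name in Settings, calendar access and the overlay permission) can be checked together when triaging a device. The following is an added example, not code from the researchers' analysis; it assumes an app inventory has already been collected into records (for instance from `adb shell dumpsys package` output), and the record field names, package names and threshold are hypothetical.

```python
# Added triage example. Record layout, package names and threshold are
# assumptions for illustration; the permission strings are real Android names.
CALENDAR_READ = "android.permission.READ_CALENDAR"
CALENDAR_WRITE = "android.permission.WRITE_CALENDAR"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"


def score_app(app):
    """Return (score, reasons) for one inventory record."""
    perms = set(app.get("permissions", []))
    reasons = []
    if CALENDAR_WRITE in perms:
        reasons.append("can create calendar events")
    if OVERLAY in perms:
        reasons.append("can draw over other apps")
    if not app.get("has_launcher_activity", True):
        reasons.append("no launcher entry")
    if not (app.get("label") or "").strip():
        reasons.append("blank name in Settings")
    return len(reasons), reasons


def triage(inventory, threshold=3):
    """Flag user-installed apps that combine several of the traits.

    Each trait alone is common in legitimate apps (calendar clients write
    events, chat apps draw overlays), so only the combination is reported.
    """
    flagged = []
    for app in inventory:
        if app.get("system", False):
            continue  # preinstalled components often have no icon or label
        score, reasons = score_app(app)
        if score >= threshold:
            flagged.append((app["package"], score, reasons))
    return sorted(flagged, key=lambda item: -item[1])


# Constructed sample inventory (not taken from a real device).
SAMPLE = [
    {"package": "com.example.calendar", "label": "My Calendar",
     "has_launcher_activity": True, "permissions": [CALENDAR_READ, CALENDAR_WRITE]},
    {"package": "com.example.chat", "label": "Chat",
     "has_launcher_activity": True, "permissions": [OVERLAY]},
    {"package": "com.example.hidden", "label": "",
     "has_launcher_activity": False, "permissions": [CALENDAR_WRITE, OVERLAY]},
    {"package": "com.example.sysui", "label": "", "system": True,
     "has_launcher_activity": False, "permissions": [OVERLAY]},
]

if __name__ == "__main__":
    for package, score, reasons in triage(SAMPLE):
        print(f"{package}: {score}/4 ({'; '.join(reasons)})")
```

A flagged package is a candidate for manual review in the Settings application list, not a verdict; calendar events it created still have to be checked separately, since they can outlive the app.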
While active on the device, Ads Blocker may also deliver fake notifications. These messages could imitate the notifications of legitimate applications in an attempt to deceive the victim. Ads Blocker has been confirmed to imitate the notifications of the Messenger application.