Android/Trojan.FakeAdsBlock
ThreatDown is now the name of the Malwarebytes line of business products. References to Malwarebytes below reflect the amazing technology used to first identify the threat.
Short bio
Android/Trojan.FakeAdsBlock is Malwarebytes’ detection name for an extremely stealthy adware installer pretending to be an ad blocker for Android devices.
Type of infection
Android/Trojan.FakeAdsBlock is a Trojan for the Android platform that installs adware and possibly other malware. It is most likely installed from a third-party app store(s) by users looking for a legitimate ad blocker.
Malicious behavior
Users of affected systems will typically see full screen advertisements when opening the default browser, as well as ads in their notifications, and even ads delivered via home screen widget. They may also have seen this type of screen during install:
Users may notice this key icon in the status bar:
Aftermath
When Android/Trojan.FakeAdsBlock is running in the background, users may notice this blank notification.
When users click on the notification, it will ask permission to install unknown apps with a toggle button to “Allow from this source.” In this case, the source is the Trojan app. This could open up the ability to install even more malware.
Protection
Malwarebytes for Android protects against Android/Trojan.FakeAdsBlock.
Home remediation
Android/Trojan.FakeAdsBlock is extremely hard to find on the mobile device once installed. That is where Malwarebytes for Android can help you, by identifying these apps and removing them.