Wednesday, February 24, 2016

So you wanted an Ad blocker on your mobile device

Don't you just hate ads? Ads that suddenly pop up on your screen while you're browsing online or playing an online game? Ads that take up almost all of the space on a web page? Ads that suddenly play music or vids? Well, we hated them on the computer (but thank God for AdBlock and AdBlock Plus). What more if they do the same on our smartphones? It'll make you go insane!

Interestingly enough, there has been an AdBlock app spreading around the Android user community. Users might be rejoicing at what I've just said and want to download that app this instant. But hold up! Let's check that app first! Is it real? Is it legit? Or is it just another piece of malware? (Boo! D:< )

Unfortunately guys, I'm sorry to tell you, but it indeed is malware. It's Fobus aka Podec.


What does this malware do?
Fobus/Podec is actually spyware that disguises itself as an AdBlock app. It requires certain permissions for the app to be installed. (They all seem shady to me, since all the app has to do is block those ads. So be careful, and READ app permission requests when installing apps!) It also creates a legit-looking app icon, as if it came from AdBlock Plus itself.


sample app permission requests

It attempts to gain Administrator Rights/Privileges by requesting certain permissions while the app is being activated by the user.




















sample app requests before activation

When the app is activated, the malware deletes the app icon and then spies on the infected device. The malware has a receiver that watches for the infected device's device_admin_disable_request. Once the user notices the application's shady behavior and decides to disable or deactivate the device administrator, the malware's receiver catches the request and forces the infected device to lock the screen via a call to the Lock Now function, which prevents the user from confirming the deactivation.

If infected users still attempt to unlock their screen, the malware tries to relock it. Users have to be quick to click if they ever want to unlock their device, because the confirmation box is only visible for a limited time. The malware's annoying lock-screen action only lasts for a while, until the confirmation box simply displays itself onscreen. Sometimes users are required to push one of the hardware buttons in order to activate their screens.

When the user finally manages to unlock their screen, the application will still be there. If the user attempts to disable the app's administrator privileges again, the malware will try to scare the user into believing a full factory reset of their device is required.


sample app's fake threat to the user

This time, the app displays a fake notice warning the user that they would have to do a full factory reset on the device and that they would lose all the data stored on the infected device. If the user calls the bluff and proceeds to click the OK button, the device administrator privilege is successfully disabled and the malicious app can then be uninstalled and removed by the user.
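A static check a defender could run on a decoded APK (for example, apktool output) before trusting an "ad blocker": it finds any device-administrator receiver and reads its policy file to see whether the app can force a screen lock, and whether a factory-reset warning could even be backed by the device-admin API. This is an added example, not code from the original post or the Avast write-up; the manifest, policy file, package name and receiver names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample (not taken from a real Fobus/Podec APK): a decoded
# AndroidManifest.xml and the device-admin policy file it references.
MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakeadblock">
  <application>
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
          android:resource="@xml/admin_policy"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".BootReceiver"/>
  </application>
</manifest>"""
POLICIES = {"@xml/admin_policy":
            "<device-admin><uses-policies><force-lock/></uses-policies></device-admin>"}

def admin_receivers(manifest_xml):
    """Yield (receiver name, policy resource) for each device-admin receiver."""
    for rcv in ET.fromstring(manifest_xml).iter("receiver"):
        if rcv.get(NS + "permission") != "android.permission.BIND_DEVICE_ADMIN":
            continue  # ordinary receiver, not a device administrator
        for meta in rcv.iter("meta-data"):
            if meta.get(NS + "name") == "android.app.device_admin":
                yield rcv.get(NS + "name"), meta.get(NS + "resource")

def triage(manifest_xml, policies):
    """Report what each device-admin receiver is allowed to do."""
    report = []
    for name, res in admin_receivers(manifest_xml):
        # A missing policy file is treated as "no policies requested".
        root = ET.fromstring(policies.get(res, "<device-admin/>"))
        used = {p.tag for p in root.findall("./uses-policies/*")}
        report.append({
            "receiver": name,
            "can_lock_screen": "force-lock" in used,    # required for lockNow()
            "can_factory_reset": "wipe-data" in used,   # required for wipeData()
        })
    return report

if __name__ == "__main__":
    for finding in triage(MANIFEST, POLICIES):
        print(finding)
```

An ad blocker has no reason to register a device administrator at all, so any hit from `triage` on such an app is worth a closer look before installing.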








Article Ref: https://blog.avast.com/2015/01/15/fobus-the-sneaky-little-thief-that-could/
