MENU

Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
ANTI-CYBERCRIME GROUP
Camp BGen Rafael T Crame, Quezon City
E-mail: This email address is being protected from spambots. You need JavaScript enabled to view it.

ACG-CYBER SECURITY BULLETIN NR 177: Beware of FakeAdsBlock Malware

Reference Number: ACG-CSB 112519177

         The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.

SUMMARY 

          This malware is something beyond normal malware especially the way it displays ads to users. This malware starts during the installation process when an Ad Blocker app with hidden malware asks for permission from users to display content over various other apps. If you take a look at the permission process you’ll find it odd to grant access to display content on apps where its only goal is to remove content. But that’s not the only shady part, later on, the app will ask for access to install a VPN connection on your phone which again is something pretty shady if you ask any security expert. When users click OK the actually grant access to run the malware in the background all the time. The FakeAdsBlock malware also asks for permission from the user to display a widget on the home screen of the device which doesn’t make sense at all. After finishing all the requirements for a moment the app displays some text scrolling down on the screen and later on disappears forever. The icon of the malware is removed from the home of the phone and then the bombardments of the ads begin.

         the FakeAdsBlock adware will start spamming them with constant irritating advertisements. The FakeAdsBlock adware does not hold back and makes sure that it displays advertisements in every spot where they can be displayed. This includes Web browser tabs, application menus, notification area, on top of other applications that are running, etc. Reports state that in some cases, the FakeAdsBlock adware goes as far as launching new windows while the users are browsing the Web and referring them to advertising websites. The developers of the FakeAdsBlock adware have developed the adware’s home screen widget in a rather clever manner. They have made sure that the home screen widget is invisible.

         the FakeAdsBlock adware may prove to be quite the task. If too many applications was installedon your mobile phone, it may be even more difficult to wipe out the FakeAdsBlock adware. The FakeAdsBlock adware does not have an icon and has an empty name, so spotting it is very difficult. It is advisable to download and install a reputable anti-virus application that will help you in removing the FakeAdsBlock adware from your mobile device.

RECOMMENDATION

            All PNP personnel as well as the public are advised to follow the tips in order to avoid the risk of FakeAdsBlock Malware:

  • Install/download latest anti-virus software/updates;
  • Regularly update applications, software and operating system;
  • Check your device’s security settings to ensure maximum protection
  • While downloading from the Play store, make sure to get to know the app permissions before installing or updating;

For additional information, please refer to the following websites:

  • https://www.digitalinformationworld.com/2019/11/stealthy-android-malware-poses-as-ad-blocker-serves-up-ads-instead.html
  • https://www.digitalinformationworld.com/2019/11/stealthy-android-malware-poses-as-ad-blocker-serves-up-ads-instead.html
  • https://www.zdnet.com/article/android-malware-disguises-as-ad-blocker-but-then-pesters-users-with-ads/
  • https://www.removemalwarevirus.com/guide-to-delete-fakeadsblock-from-windows-pc
  • https://www.enigmasoftware.com/fakeadsblock-removal/

POINT OF CONTACT

            Please contact PMAJ ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.