New risk for Android users, according to Avast researchers, a new version of Fobus malware is disguised as a disguise in the well-known Adblock Plus browser extension. This extension excludes ads in your browser.
Many app developers Android offer their applications for free by incorporating ads in order to cover their costs and make some profit. These can of course be annoying, especially in games, which is why users are looking for an ad blocking tool.
Avast researchers who analyzed the new version of Fobus report that besides the rights it asks for and uses to connect the spyware included, malware is also extremely difficult to remove from the device.
With the administrator rights of the Android device it has acquired, it immediately deletes its icon from the screen and continues to work seamlessly in background.
The first sign of the problem becomes visible right from the start when the list of permissions that your Android device requests is displayed. Requests include the consent to make phone calls and send messages to premium services. Of course, an ad blocking tool has no use with it.
Once fully installed on the Android smartphone, it will be very difficult to get rid of it because the authors have incorporated a strong defense for any kind of energy from the user.
Avast researchers report that when they tried to get their administrator rights to remove it, malware displayed a lock on the device screen.
“Fobus has a receiver that checks for calls from device_admin_disable_request. The moment the user tries to disable the device manager, this receiver catches the request and forces the device to lock the screen with a call to the lock function. This function does not allow the user to confirm the answeractivation" he says Jan Alert's Avant.
Any attempt to unlock the screen is followed by a new screen lock screen από το κακόβουλο λογισμικό, εφόσον το παράθυρο επιβεβαίωσης εμφανίζεται μόνο για ένα πολύ σύντομο χρονικό space, which is not enough to catch with your finger.
However, if you are the "son or daughter of the wind" and you catch it, you get a bullying message informing you that if you continue the process, all your device data will be deleted through a full factory reset.
The threat, according to Sirmer, is not just a threat, as Fobus will only be removed when you manage to get the administrator privileges you have given him.
