New risk for Android users, according to Avast researchers, a new version of Fobus malware is disguised as a disguise in the well-known Adblock Plus browser extension. This extension excludes ads in your browser.
Many app developers Android offer their applications for free by incorporating ads in order to cover their costs and make some profit. These can of course be annoying, especially in games, which is why users are looking for an ad blocking tool.
Avast researchers who analyzed the new version of Fobus report that besides the rights it asks for and uses to connect the spyware included, malware is also extremely difficult to remove from the device.
With the administrator Android device rights it has acquired, it deletes its icon directly from the screen and continues to work seamlessly in the background.
The first sign of the problem becomes visible right from the start when the list of permissions that your Android device requests is displayed. Requests include the consent to make phone calls and send messages to premium services. Of course, an ad blocking tool has no use with it.
Once fully installed on the Android smartphone, it will be very difficult to get rid of it because the authors have incorporated a strong defense for any kind of energy from the user.
Avast researchers report that when they tried to get their administrator rights to remove it, malware displayed a lock on the device screen.
"Fobus has a receiver that controls calls from device_admin_disable_request. When the user tries to turn off the device manager, this receiver catches the request and forces the device to lock the screen with a call to the lock mode. This feature does not allow the user to confirm deactivation. " he says Jan Alert's Avant.
Any attempt to unlock the screen is followed by a new screen lock from the malware if the confirmation window appears only for a very short period of time, which is not enough to prevent it with your finger.
However, if you are the "son or daughter of the wind" and you catch it, you get a bullying message informing you that if you continue the process, all your device data will be deleted through a full factory reset.
The threat, according to Sirmer, is not just a threat, as Fobus will only be removed when you manage to get the administrator privileges you have given him.