The infection begins during the installation process, where the app asks for permission to display content over other apps. This should be a sign that something is amiss, since doing the exact opposite is what you’d expect from an ad blocker. It then continues by asking to install a VPN connection. The malware doesn’t actually connect to a VPN, but the permission allows it to run in the background at all times. And finally, the malware asks for permission to show widgets on the infected device’s homescreen. The malware removes its own icon after it gets all these permissions. And the endless annoyance you downloaded the ad blocker for begins. You’ll start getting full-screen ads, notification spam, websites that randomly pop up, asking to send you more notifications, and even ads in the form of widgets.
The widgets are can be especially annoying, since you can’t dismiss the ads without getting rid of the widget itself. They are also transparent, meaning you won’t actually know it’s there until it pops up. Fortunately, you can still remove this Android malware by heading to the Android OS’ apps section. It’s also easily identifiable as the one with no icon or name. It also only propagates via third-party app stores or bogus streaming sites. So unless you’re deliberately taking risks, it shouldn’t be easy to get infected by this particular Android malware. (Source: Malwarebytes via ZDNet)