So how can you check if your phone is infected? Well, Collier listed a number of symptoms to look out for. First and foremost, he said a programme with the Trojan housed inside will have suspect permissions, such as asking for the ability to display over other apps.
Secondly, deceiving programmes with FakeAdsBlock were noted to ask for permission to set up a VPN connection. Going ahead with the option was said not to connect to a VPN at all, but give it free reign to run in the background at all times.
The malware’s demands weren’t noted to cease there though. Collier said on the test device used by Malwarebytes, the Trojan asked to place a widget on the user’s home screen. Once agreed to, the widget was declared to make a new home screen page for the user before disappearing entirely.
Signs the malware is running the background include a key logo in a device’s notification panel next to battery, signal and Wi-Fi information. Additionally, the app was also said to exhibit a big area of white space in the user’s notification tray, too. Worse still, pressing this area was said to bring up a request asking for permission to “install unknown apps” on the device in question.