A recent campaign spreading the MobiDash adware for Android has been uncovered by ThreatDown’s experts. The campaign utilizes phishing emails, social media links, and even links from adult websites to distribute the malicious adware. MobiDash adware, which targets Android devices, has been prevalent since 2015 and is distributed through various variants. It is delivered in the form of a Software Development Kit (SDK), which can be easily integrated into any Android Application Package (APK), allowing attackers to inject the adware into legitimate apps.
One of the key characteristics of MobiDash is its delayed onset; it can remain dormant for up to three days after installation before it begins displaying ads on the affected device. Victims often struggle to identify the source of the intrusive ads since the adware is hidden within legitimate APKs. This makes it challenging for users to determine which app is causing the problem and can lead to frustration, as the ads persist until the app is uninstalled.
The distribution chain for the latest campaign involves a series of redirects that begin with links shared on platforms like Facebook. The chain leads users to a website that automatically downloads an APK file, though some users may need to manually click a download button. Malwarebytes and ThreatDown have managed to block several parts of this redirection chain, including malicious websites like lookebonyhill.com and cinepornogratis.com, preventing the adware from reaching users’ devices.
To prevent infection, users should be cautious about clicking on suspicious links, particularly those shared on social media or less reputable websites. Malwarebytes provides detection and removal capabilities to block MobiDash and other related threats. The campaign highlights the continued reliance on social engineering and phishing tactics in the distribution of mobile malware, underscoring the importance of vigilance and security on Android devices.
Reference:
