I often warn about the dangers posed by info-stealing malware and banking trojans but there’s another mobile threat you need to worry about: adware. In fact, an adware infection can render one of the best Android phones unusable with ads popping out of nowhere when you least expect it.
According to a new blog post from the cybersecurity firm Malwrebytes, the MobiDash adware has returned to wreak havoc on vulnerable Android phones. First discovered back in 2015, this adware has continued to spread in the time since through hundreds of different variants.
At the same time though, it also comes as a pre-packaged set of tools that hackers and scammers can add to any Android Application Package or APK file which makes distributing it even easier.
Here’s everything you need to know about the MobiDash adware along with some tips on how to stay safe from having your own Android phone infested with annoying ads.
Hiding in plain sight
One of the main things that helps MobiDash stand out from other types of adware is that it can easily be added to legitimate Android apps without changing how they work.
For instance, let’s say you download and install a flashlight app (which I don’t recommend for obvious reasons). The app itself will still work as intended but hidden inside it, there will be adware waiting to fill your phone’s screen with unwanted ads.
To make matters worse, MobiDash often waits for several days before activating on an infected phone. This makes the annoying ads it serves up harder to detect, especially if you recently installed several new apps on your Android smartphone.
Malwarebytes’ ThreatDown cybersecurity platform recently uncovered a new MobiDash campaign that spread through phishing emails as well as in links on social media posts made by real people as well as bots.
With these posts on Facebook, users who click on a link in a screenshot (something you should absolutely avoid) are then sent through a chain of redirects which ends in an APK file being automatically downloaded to their phone. Likewise, Malwarebytes’ researchers also found that MobiDash was being spread on adult sites in a similar way.
How to stay safe from adware
Staying safe from this particular campaign is quite easy and you can avoid falling victim to the MobiDash malware by not sideloading apps. While you shouldn’t sideload apps in the first place, you definitely should install any APK file that’s randomly downloaded onto your smartphone after clicking on a link in an email or social media post.
Besides adware, sideloading apps can leave you with a nasty malware infection and those who did fall for this latest MobiDash campaign got off lucky. Instead of sideloading, you should only download apps from the Google Play Store or from official third-party app stores like the Samsung Galaxy Store or the Amazon Appstore.
To keep your Android phone protected from adware, malware, spyware and other threats, you want to make sure that Google Play Protect is enabled. This pre-installed app scans any new apps you download as well as your existing ones to help keep you and your data safe. For extra protection though, you may also want to consider running one of the best Android antivirus apps alongside it on your phone.
Hackers and scammers are always coming up with clever new campaigns designed to steal your data and your hard-earned cash or in this case, to bombard your phones with ads in order to commit ad fraud. However, MobiDash could also serve up malicious ads which can infect your phone with malware. Either way, you want to be extra careful where you click and avoid installing apps from unknown sources.
This likely isn’t the last we’ve heard of MobiDash as this particular adware has been going strong for almost a decade.
More from Tom's Guide
