{"id":12880,"date":"2018-07-23T08:10:07","date_gmt":"2018-07-23T16:10:07","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/07\/23\/news-6647\/"},"modified":"2018-07-23T08:10:07","modified_gmt":"2018-07-23T16:10:07","slug":"news-6647","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/07\/23\/news-6647\/","title":{"rendered":"Mobile Menace Monday: Adware MobiDash gets stealthy"},"content":{"rendered":"

Credit to Author: Nathan Collier| Date: Mon, 23 Jul 2018 15:00:50 +0000<\/strong><\/p>\n

The Adware known as MobiDash, detected by Malwarebytes for Android<\/a> as Android\/Adware.MobiDash<\/a>, is far from a new. However, this ad-displaying nuisance now comes with some additional stealth features.<\/p>\n

First appearing last spring, these new features are not limited to a single variant of MobiDash. Instead, the correlation among these stealth versions lays within the package name com.veniosg.dir.android.<\/em>\u00a0As a result, these stealth features hide the existence of Adware MobiDash\u2014even when it\u2019s in plain sight!<\/p>\n

Look closer<\/h3>\n

When I first came upon this stealthy MobiDash, a customer was having a terrible time removing the adware from their mobile device. Malwarebytes for Android was unable to remove it, due to it being an active device administrator.<\/p>\n

\"\" \"\"<\/p>\n

As by design by the Android Operating System, any app given device administrator privileges cannot be uninstalled until first being removed from the device administrator’s list. Attempting to uninstall an app with device administrator rights will display the screen shown above. The screen displays a warning about not being able to uninstall, and provides a link to the device administrator’s list.<\/p>\n

Okay, simple enough, just remove the offending piece of adware from the list and uninstall, right?\u00a0 Well, what if it doesn\u2019t exist in the device administrator’s list!? Have a look for yourself below.<\/p>\n

\"\"<\/p>\n

There\u2019s \u201cFind My Device\u201d and \u201cMalwarebytes,\u201d both with legitimate reasons to be in the device administrator’s list. But there’s no adware app in sight.<\/p>\n

But wait. Look a little closer.<\/p>\n

\"\"<\/p>\n

That blank line right at the bottom of list\u2014bingo! If you didn\u2019t see it at first, you\u2019re not alone.<\/p>\n

Even more stealth<\/h3>\n

After removing Adware MobiDash from the device administrator’s list, now that you see it, the next step is uninstalling. By far, the easiest method to uninstall this tricky adware is to rescan with Malwarebytes for Android. This method assists with easily uninstalling. Removing manually can also be done, albeit it\u2019s a bit trickier.<\/p>\n

Manual removal<\/h4>\n

Depending on your mobile device\u2019s Android OS version, there may be a shortcut icon disguising itself as Settings.<\/p>\n

\"\"<\/p>\n

If this exists alongside with the real Settings icon, simply drag the fake Settings icon to Uninstall<\/strong>.<\/em><\/p>\n

However, there are many cases where this icon doesn\u2019t exist. Thus, it must be removed via the mobile device\u2019s App List:\u00a0Settings<\/em> > <\/strong>Apps<\/strong>.\u00a0<\/em>Scroll all the way to the bottom of list, and you\u2019ll discover a blank entry at the very end.<\/p>\n

\"\"<\/p>\n

Click on it, and you can uninstall from the app info screen.<\/p>\n

The how and why<\/h3>\n

So how, exactly, can this stealth Adware MobiDash version get device administrator rights? Well, it must be given the rights manually by the user. It\u2019s surprisingly easy for a user to mistakenly do so, and even easier with this piece of adware. Why? Because usually giving an app device administrator rights comes with a list of scary operations to allow. This MobiDash version doesn\u2019t ask for any, as shown below.<\/p>\n

\"\"<\/p>\n

So why did it even bother tricking users into activating device administrator if there are no operations to allow? As highlighted above, it makes uninstalling way more tedious\u2014especially with the extra stealth features.<\/p>\n

It happens<\/h3>\n

I could preach about not activating device administrator to unknown apps, but instead I\u2019ll just say, \u201cIt happens.\u201d On Android, there are an abundance of features you must allow to get legitimate apps to work properly. This sometimes exhausts users<\/a> to the point of just blindly allowing everything. It\u2019s no wonder that the bad apps can slip under the radar.<\/p>\n

Luckily in this case, the outcome is simply annoying ads and nothing worse. But if you don’t want to deal with the hassle of an adware infection, slowing down and being a little more vigilant can save you time in the long run. Stay safe out there!<\/p>\n

The post Mobile Menace Monday: Adware MobiDash gets stealthy<\/a> appeared first on Malwarebytes Labs<\/a>.<\/p>\n

https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Credit to Author: Nathan Collier| Date: Mon, 23 Jul 2018 15:00:50 +0000<\/strong><\/p>\n\n\n\n
<\/a><\/td>\n<\/tr>\n
Adware MobiDash, an ad-displaying nuisance, now comes with some additional stealth features. As a result, these features hide the existence of Adware MobiDash\u2014even when it\u2019s in plain sight.<\/p>\n

Categories: <\/p>\n