One of the characteristics that makes MobiDash stand out is that it can be added to legitimate apps without changing how the original app functions. Say, for example, you install a calculator app: You still get the calculator, but you get adware served to you on the side. <\/p>\n
Another devious feature is that MobiDash often waits for a few days before it becomes active, making it harder for the user to work out where the ads are coming from. The app they downloaded works, and because there’s no immediate sign of infection there is no reason to suspect that app.<\/p>\n
The ThreatDown investigation started by researching a domain that recently popped up in a phishing campaign. We found that besides the phishing campaign, links to this domain were being spread on Facebook.<\/p>\n But not just Facebook, we found that MobiDash was also being spread on certain sites that specialize in explicit content.<\/p>\n When victims click the link, it starts a chain of redirects (lookebonyhill.com > apkretro.com > 3-dl-app.com) that ends in the automatic download of an .apk file, although some users reportedly had to use the Download button.<\/p>\n Within a few days, the user will start to see ads pop up out of nowhere, until the app is uninstalled.<\/p>\n![\"Link](\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/Facebook_link.png\")
![\"link](\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/arabsex.png\")
<\/p>\n![\"Download](\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/10\/APK_download.png\")
<\/figure>\nHow to avoid\/remove adware<\/h2>\n
\n
![\"Malwarebytes](\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/09\/lookebonyhillcomblock.png?w=521\")