Watch out! Mobidash Android adware spread through phishing and online links
Pieter Arntz · 2024-09-30 · via Threat Walkthroughs – ThreatDown by Malwarebytes
Android

ThreatDown has uncovered a new campaign spreading the MobiDash adware for Android.

Someone is trying very hard to infect your Android device with malicious adware.

ThreatDown’s Android experts recently became aware of a campaign spreading MobiDash adware for Android using phishing emails, links on social media posted by people or bots, and at least one pornography website (xnxxvideosporn[.]net).

Android/Adware.MobiDash is Malwarebytes’ detection name for adware that targets mobile devices running the Android OS. It became prevalent in 2015 and continues to be spread via hundreds of variants. It comes in the form of a Software Development Kit (SDK), a pre-packaged set of tools that can easily be added to any Android Application Package (APK), the format used to distribute Android apps.

It is common for nefarious actors to take legitimate APKs and repackage them with adware SDKs so that besides the game, mod, movie, or whatever app they were promised, unsuspecting users are also infected with the MobiDash adware, and any other malware that MobiDash is used to install.

A unique characteristic of MobiDash is that it can wait up to three days after being installed before it starts to display ads. From then on, infected devices will display ads until the app is uninstalled. Since the MobiDash SDK is attached to a legitimate APK that will continue to work as expected, the victim may be left wondering where the advertisements are coming from, and won’t know which app to uninstall.

Screenshot: MobiDash link as posted on Facebook

In the recent campaign, users who clicked the Facebook link in the screenshot above were sent through a chain of redirects (lookebonyhill[.]com > apkretro[.]com > 3-dl-app[.]com) that ends in the automatic download of an APK file, although some users will have to use the Download button.

Screenshot: download of the APK (a different APK than expected)

ThreatDown and Malwarebytes block the start of the redirect chain and can detect and remove MobiDash from your device.

Screenshot: Malwarebytes blocks lookebonyhill[.]com

IOCs

lookebonyhill[.]com

cinepornogratis[.]com

mobileoffers-ek-download[.]com

apkdw[.]online

mobileoffers-et-download[.]com
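
One way to hunt for this campaign in web proxy logs, as an added example that is not ThreatDown's code: it refangs the domains listed in the article (the IOC list plus the redirect chain) and matches them on whole-label host suffixes, so subdomains are caught and lookalike hosts are not. The four-field log format, the client addresses and the sample lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Defanged domains copied from the article: IOC list plus the redirect chain.
ARTICLE_DOMAINS = [
    "lookebonyhill[.]com", "cinepornogratis[.]com",
    "mobileoffers-ek-download[.]com", "apkdw[.]online",
    "mobileoffers-et-download[.]com", "apkretro[.]com", "3-dl-app[.]com",
]
APK_MIME = "application/vnd.android.package-archive"

def refang(value):
    """Undo common defanging so indicators compare against raw log values."""
    return value.replace("[.]", ".").replace("hxxp", "http").strip().lower()
IOCS = {refang(d) for d in ARTICLE_DOMAINS}

def matched_ioc(url):
    """Return the IOC the URL's host equals or is a subdomain of, else None."""
    labels = (urlsplit(refang(url)).hostname or "").rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])  # whole-label suffix, not substring
        if candidate in IOCS:
            return candidate
    return None

def scan(log_lines):
    """Return (client, ioc, is_apk_download) for each request to an IOC host."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # malformed line in the assumed 4-field format
        _ts, client, url, mime = parts
        ioc = matched_ioc(url)
        if ioc:
            is_apk = mime == APK_MIME or urlsplit(url).path.lower().endswith(".apk")
            hits.append((client, ioc, is_apk))
    return hits

# Constructed sample proxy log; assumed format: time client url content-type.
SAMPLE_LOG = [
    "2024-09-30T10:00:01Z 10.0.0.5 https://lookebonyhill.com/go text/html",
    "2024-09-30T10:00:02Z 10.0.0.5 https://cdn.apkretro.com/r?id=1 text/html",
    "2024-09-30T10:00:03Z 10.0.0.5 https://3-dl-app.com/files/a.apk " + APK_MIME,
    "2024-09-30T10:00:04Z 10.0.0.7 https://notlookebonyhill.com/ text/html",
    "2024-09-30T10:00:05Z 10.0.0.7 https://apkretro.com.example.org/ text/html",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A client that hits several of these hosts in quick succession and ends with an APK download matches the redirect chain described in the article and is the device to triage first.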