Why Adware Is the Most Intrusive Malware on Our Devices

Adware is the flavor of malware that the ordinary person is most likely to encounter on a smartphone or in a browser. Built to generate profit, adware sneaks ads into apps and browsers, and advertisers pay developers based on the number of people who load those ads. Smartphones are the ideal environment for this kind of malware, which arrives via apps sold in Apple’s App Store or the Google Play Store. Adware largely goes unnoticed because its main impact (besides relentlessly serving ads) is to slow down the device.

Wired quotes Check Point analysis/response team leader Aviran Hazum as saying that, “with adware — which is in my opinion one of the boldest types of malware on the mobile front — we can see that the actors are basically following the money.” “A lot of victims will pay a ransomware ransom, or attackers can gain access to a bank account, but the probability of that is relatively low compared to the amount of money they can generate by displaying ads,” he added. “More audience, more adware, more revenue.”

Security firm Malwarebytes ranked adware as “the most prevalent type of consumer malware in 2018,” and Check Point reported on Agent Smith, which infected “more than 25 million Android devices around the world … [including] more than 300,000 infections in the U.S.”

Agent Smith, which began its development in 2016 and is distributed through third-party Android app store 9Apps, “was originally a more clunky, obvious type of malware that masqueraded as legitimate apps but asked for a suspicious number of device permissions to run and displayed a lot of intrusive ads.”

In spring 2018, Agent Smith became more sinister, using malware to search “through the device’s third-party apps and replace as many as possible with malicious decoys,” including a fake app called Google Updater. Agent Smith also “infiltrated the Google Play Store during 2018, hidden in 11 apps that contained a software development kit related to the campaign.”

Google removed those apps, but Hazum reported that “the actors behind Agent Smith also overhauled its infrastructure in 2018 and moved its command and control framework to Amazon Web Services,” which will enable them to “expand features like logging and more easily monitor analytics like download stats.”

“You’re starting to see actors realizing that just regular adware won’t do these days,” said Hazum. “If you want the big money you need to invest in infrastructure and research and development.”

Although adware isn’t currently an “immediate threat,” it “opens the door for attackers to add other malicious functionality in the future that could endanger users’ data or accounts.”

The best advice for avoiding adware is to download apps from official stores, “stick to prominent, mainstream apps as much as possible, and always double-check that you’re actually downloading, say, the real Twitter app and not Twltter.” Delete any apps on your device that you no longer use, along with anything that seems glitchy or random. You can also download adware scanners from Bitdefender, Malwarebytes or Avast — “but be careful to download the real deal.”