
Android Adware ‘SimBad’ detected in 206 Android apps with almost 150 million installs

  • The list of commands performed by the adware includes removing the icon from the launcher, displaying background ads, opening URLs, opening Google Play and 9Apps, installing other malware, and more.
  • Check Point researchers notified Google about the adware, and Google has removed all the 206 apps from the Google Play Store.

What is the issue - Researchers from Check Point detected Android adware dubbed ‘SimBad’ in 206 Android applications that were available for download in the Google Play Store. These applications were installed by almost 150 million Android users.

Why it matters - The adware resides in the RXDrioder Software Development Kit (SDK), which allowed attackers to display ads on an Android device when the device was booted or the user unlocked the screen.

“We believe the developers were scammed to use this malicious SDK, unaware of its content, leading to the fact that this campaign was not targeting a specific country or developed by the same developer,” researchers wrote.

What are the infected apps - Most of the apps that included the adware were driving and racing simulator games such as Snow Heavy Excavator Simulator, Ambulance Rescue Driving, and Water Surfing Car Stunt.

The big picture

  • Once these malicious apps are downloaded and installed on the device, SimBad connects to its C&C server.
  • It then performs the commands received from its C&C server.
  • The list of commands includes removing the icon from the launcher, displaying background ads, opening URLs, opening Google Play and 9Apps, installing other malware, and more.

“SimBad has capabilities that can be divided into three groups – Show Ads, Phishing, and Exposure to other applications. With the capability to open a given URL in a browser, the actor behind ‘SimBad’ can generate phishing pages for multiple platforms and open them in a browser, thus performing spear-phishing attacks on the user,” the researchers pointed out.

What actions were taken - Check Point researchers notified Google about the adware, and Google has removed all the 206 apps from the Google Play Store.

“Google responded quickly. It took them a couple of weeks to review the apps and conduct their own investigation until [the apps were] finally removed,” Jonathan Shimonovich, R&D Group Manager at Check Point told ZDNet.

Cyware Publisher
