Google has been dealing with the scourge of malware infecting Android apps for quite some time, and while necessary action has been taken against such apps, more issues keep popping up. The latest one to plague Android apps is an adware called SimBad. Discovered by Check Point, the SimBad adware affected 206 apps listed on Google Play, all of which have now been reportedly removed after Google was notified. The infected apps collectively clocked over 150 million downloads and could be exploited by bad actors to show ads, generate phishing pages, and open a specific URL in the web browser.
The SimBad adware was discovered by Check Point's Mobile Threat Team and gets its name from the fact that a majority of infected applications were simulator games. Check Point's findings state that SimBad's capabilities range from showing ads to opening a specific URL in the Web browser and exposing users to more malicious apps. Moreover, it could allow malicious parties to install a remote application from a designated server and inject more malware on a device if deemed necessary.
The SimBad malware is a part of the 'RXDrioder' SDK that is provided to developers as an add-on SDK for ad-related services, says Check Point's report. "We believe the developers were scammed to use this malicious SDK, unaware of its content, leading to the fact that this campaign was not targeting a specific country or developed by the same developer."
Once an infected Android app has been installed and is being actively used, the SimBad adware can be commanded to show background ads and open a specific URL in the Web browser. And since the adware can take users to any webpage the operators choose, the malicious parties can generate phishing pages. The adware also comes with the ability to hide an infected app's icon from the launcher, making it difficult to uninstall the app.
Moreover, the adware could also take users to app repositories such as Google Play and 9Apps where users can be prompted to download more malware-infected apps at the behest of other bad players in order to make profits. Check Point notes that the SimBad malware “already has the infrastructure to evolve into a much larger threat”. As for the infected apps that have now been removed from the Play Store, one of them had around 10 million downloads, while 13 of them had touched the 5 million download mark.