Google Play Store Takes Users on Yet Another Misadventure
New Adware Ready to Infect Your Android Devices
Cristal M Clark
Well it’s not like we didn’t expect this right? Researchers have found a plethora of new adware ready and waiting to infect your Android device, and it’s all available at the Google Play Store.
Yesterday, Israeli security firm Check Point said applications known to contain this particular adware strain known as “SimBad” had been downloaded almost 150 million times, mostly by gamers. The adware can be found in over 200 applications by the way, which Google finally got rid of, after users installed it all over the world.
According to Check Point; “We believe the developers were scammed to use this malicious SDK, unaware of its content, leading to the fact that this campaign was not targeting a specific county or developed by the same developer. The malware has been dubbed ‘SimBad’ due to the fact that a large portion of the infected applications are simulator games.”
Check Point said the adware resides inside a pretty widely used advertising software development kit (SDK) provided by ‘addroider[.]com’. Once it is installed, SimBad receives instructions from a command and control server, such as an order to make its icon disappear in an effort to make the app harder to remove and old one but a good one. Then, it begins to display background ads and can open any URL in the phone’s or devices browser, which is a joy for end users I am sure.
“With the capability to open a given URL in a browser, the actor behind ‘SimBad’ can generate phishing pages for multiple platforms and open them in a browser, thus performing spear-phishing attacks on the user, the actor can even take his malicious activities to the next level by installing a remote application from a designated server, thus allowing him to install new malware once it is required.”
And worst yet, the researchers said that while SimBad appears geared toward serving ads for now, it has the infrastructure to evolve into “a much larger threat.”
Of course it does, I mean why wouldn’t it?
Check Point was kind enough to put together a complete list of infected applications: https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/
Google by the way does have some pretty robust scanners in order to weed out and get rid of malware, however what’s been happening of late is the apps the malware infects are downloaded by users so fast that Google’s scanners simply cannot detect the problems fast enough to eradicate it before users have already installed the affected application.
Case in point, a couple of months ago Google’s detection systems had been neatly bypassed by a batch of 85 apps that, by the time Google was able to delete them, and the malware had infected around 9 million users.
In the days leading up to that, users in 196 countries had been infected by several apps that were capable of accessing contact lists and SMS messages and recording audio. Many are wondering if Google simply can’t keep up or if they loosened the rules and became careless with new aps and developers.
End users are beginning to become very concerned over privacy, leaks, and malware that eventually steal sensitive user data.
Google is one of the top tech companies in the world, but continue to allow for mishaps like this to happen and someone will eventually come along and knock them promptly off of that very throne.
Cristal M Clark