The IT security researchers at Check Point have discovered a sophisticated malware campaign that has been targeting Android users through Google Play Store on a global level and so far more than 150 million users have fallen prey to it.
Dubbed SimBad by researchers; the malware disguises itself as ads to avoid suspicion and hides behind software development kit (SDK) used for advertising purposes and monetization generation. At the time researchers identified the malware its download count had already reached almost 150 million.
In addition to displaying malicious ads, SimBad is also capable of carrying out phishing attacks by redirecting victims to compromised websites and downloading more malicious applications either from the Play Store or from a remote server.
“We believe the developers were scammed to use this malicious SDK, unaware of its content, leading to the fact that this campaign was not targeting a specific county or developed by the same developer,” said Check Point researchers Elena Root and Andrey Polkovnichenko in their blog post.
SimBad operates in such a way that upon infecting the targeted device the malicious app hides its icon yet work in the background to display advertisements to generate fraudulent revenue whenever the device is in use. In this way, not only the malware goes unnoticed but raises no suspicion.
According to Check Point, a large portion of the infected applications are simulator games while photo editors and wallpapers applications are also among the list. Here is a list of top 10 apps infected with SimBad malware:
- Snow Heavy Excavator Simulator (10,000,000 downloads)
- Hoverboard Racing (5,000,000 downloads)
- Real Tractor Farming Simulator (5,000,000 downloads)
- Ambulance Rescue Driving (5,000,000 downloads)
- Heavy Mountain Bus Simulator 2018 (5,000,000 downloads)
- Fire Truck Emergency Driver (5,000,000 downloads)
- Farming Tractor Real Harvest Simulator (5,000,000 downloads)
- Car Parking Challenge (5,000,000 downloads)
- Speed Boat Jet Ski Racing (5,000,000 downloads)
- Water Surfing Car Stunt (5,000,000 downloads)
The full list of malware-infected apps is available here.
The good news is that Check Point got in touch with Google and at the time of publishing this article, all malicious apps were removed from the Play Store. However, if you have installed any of these apps make sure to remove it now and scan your device with trustworthy anti-virus software (you can choose any of these from the list we created for you).
This is not the first time when Android devices have been infected with such a large-scale adware campaign. Previously, Gooligan, CopyCat and LightsOut also carried out similar attacks. Stay safe online!
Based Blockchain Network