According to cybersecurity firm Check Point’s mobile threat team, an Android adware strain known as Simbad has found its way onto 150 million devices after being placed inside simulation games available on the Google Play Store.
Among the games the adware was found in were titles such as Real Tractor Farming Simulator, Heavy Mountain Bus Simulator 2018 and Snow Heavy Excavator Simulator.
Each of these had more than five million downloads at the time the adware was discovered. Snow Heavy Excavator itself was downloaded some ten million times before the adware was revealed.
In total, Simbad was found in 210 seemingly legitimate apps. All have now been pulled from the Google Play Store.
Check Point explained that, once downloaded, Simbad phones home and starts embedding itself on the user’s device to prevent any attempt at removal. It then starts displaying ads to generate money.
Some of the sophisticated anti-removal techniques it uses include removing the icon from the launcher, displaying background ads during normal phone usage and forcing the device’s browser to open a given URL.
The code hid in a bogus ad-serving platform and created a back door that could install rogue apps, direct users to scam websites and show other apps in stores. Check Point believes the apps’ developers were tricked into using the platform.
"Simbad has capabilities that can be divided into three groups – Show Ads, Phishing and Exposure to other applications. With the capability to open a given URL in a browser, the actor behind Simbad can generate phishing pages for multiple platforms and open them in a browser, thus performing spear-phishing attacks on the user."
- Report Summary: Check Point
Check Point recommends users go through their apps and remove any that may contain the adware. Meanwhile, Google has been working to make the Play Store as safe as possible, and recently claimed it had removed 700,000 malicious apps in 2017. Google, said Check Point, should take another close look at its malware scanning systems.