Check Point Research has discovered a new malware campaign that has infected a total of 150 million Android users globally. The malware, dubbed SimBad because many of the infected apps were simulator games, infected 206 apps found in the Google Play Store. SimBad disguises itself as ads to avoid suspicion.
According to Check Point’s IT security researchers, SimBad was disguised as an advertising kit named RXDrioder. It infected all the apps that used the kit to control how ads were shown to their users. The makers of RXDrioder were secretly using their kit's code to hide malware inside other apps. The apps were then hijacked to show ads or perform phishing attacks without the knowledge of their developers.
"We believe the developers were scammed to use this malicious SDK, unaware of its content, leading to the fact that this campaign was not targeting a specific country or developed by the same developer," Check Point said.
SimBad has three main capabilities: displaying adverts, phishing and exposure to other applications. It is adware first, but it can also redirect victims to a compromised website and download more malicious applications from the Play Store or a remote server to carry out phishing attacks.
As noted earlier, SimBad infected 206 Android apps, which together account for a total of 150 million downloads globally. Snow Heavy Excavator Simulator, Hoverboard Racing, Real Tractor Farming Simulator, and Ambulance Rescue Driving are some of the infected apps.
While Google has now removed all of the infected apps from the Play Store, they may continue to affect your device if you still have them installed. So, make sure to remove them now and scan your device with trustworthy anti-virus software.