The Android platform and even Google’s Play Store app market have been criticized for being less secure, especially in comparison to Apple’s iOS ecosystem. Almost every week we hear of new malware that creeps into Google Play Store, threatening to compromise smartphones and their owners. And while Google is swift to act on removing those errant apps, it’s often too late to save the thousands if not millions of devices that have already downloaded the infected apps.
In this case, the adware nicknamed “SimBad” was identified in around 206 apps on Google Play Store, most of them simulation-type games, hence the name. Collectively, these apps and games have been downloaded a total of 150 million times. It’s almost astounding how such apps are so easily downloaded, often without a second thought.
Security outfit Check Point notes that the developers of the apps may not be completely at fault. They may not have realized that they were using an ad-related software development kit or SDK whose purpose is to install adware on devices, whether that was the developers’ intention or not. Like users, they may have been lured by false promises.
Once an app infected by SimBad gets downloaded, the adware registers itself on the system so that it can run on boot and when the user is actively using the device. It then calls home to a remote C&C server traced to “addroider.com” and waits for instructions on what to do. From there, it can perform actions like opening a browser page to phish user information, opening an app store (including Google Play Store) to a specific, potentially malicious app, or even downloading and installing an app in the background.
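For defenders, the two behaviours described above translate into simple triage checks. The following is an added example, not code from Check Point or from this article: it flags broadcast receivers in an already decoded AndroidManifest.xml that listen for both boot and user-present events, and picks lookups of the C&C domain out of DNS log lines. The mapping of the article's description to the standard `BOOT_COMPLETED` and `USER_PRESENT` broadcasts is an assumption, and the manifest, package names and log lines are constructed samples.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Assumption: these standard Android broadcasts stand for "run on boot" and
# "user is actively using the device" as described in the article.
PERSISTENCE_ACTIONS = {"android.intent.action.BOOT_COMPLETED",
                       "android.intent.action.USER_PRESENT"}
C2_DOMAIN = "addroider.com"  # C&C domain named in the article

# Constructed sample manifest (hypothetical package and class names).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.simgame">
  <application>
    <receiver android:name="com.example.adsdk.WakeReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
      </intent-filter>
    </receiver>
    <receiver android:name="com.example.simgame.AlarmReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed DNS log lines in a generic "time client query type name" layout.
SAMPLE_DNS = ["2019-03-14T10:02:11Z 10.0.0.23 query A www.addroider.com.",
              "2019-03-14T10:02:12Z 10.0.0.23 query A play.google.com.",
              "2019-03-14T10:02:15Z 10.0.0.41 query A notaddroider.com."]

def persistent_receivers(manifest_xml):
    """Map receiver name -> actions, for receivers listening to ALL persistence actions."""
    hits = {}
    for receiver in ET.fromstring(manifest_xml).iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        if PERSISTENCE_ACTIONS <= actions:
            hits[receiver.get(ANDROID_NS + "name")] = sorted(actions & PERSISTENCE_ACTIONS)
    return hits

def c2_lookups(dns_lines, domain=C2_DOMAIN):
    """Return lines that query the domain itself or any subdomain of it."""
    def matches(line):
        names = (token.rstrip(".") for token in line.lower().split())
        return any(n == domain or n.endswith("." + domain) for n in names)
    return [line for line in dns_lines if matches(line)]
```

Many legitimate apps register for boot events, so a manifest hit is a prompt to inspect the receiver's owning SDK, not a verdict on its own.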
Admittedly, SimBad is less nefarious than other malware that escaped Google’s notice, but it does already have the potential to do more damage. Google has already taken down the infected apps and will most likely add the adware strain to Google Protect’s AI.