Security researchers have discovered new adware named “SimBad”, which was found to have infected 206 apps in the Google Play Store.
The new adware campaign was discovered by security researchers at the Check Point Mobile Threat Team, and the infected apps have already been downloaded by 150 million people.
The malware resides within the RXDrioder software development kit (SDK). The attackers tricked developers into using this SDK, and the developers were unaware of its malicious content.
According to researchers, the campaign did not target a specific country or developer.
Once the user downloads and installs an infected application, it registers itself for the ‘BOOT_COMPLETE’ and ‘USER_PRESENT’ intents. This allows SimBad to perform actions after the device finishes booting and while the user is using the device.
In the next step, it connects to the command-and-control server and receives further instructions, such as removing the icon from the launcher and displaying background ads.
The attacker could also open a given URL in a browser and use it to generate phishing pages for multiple platforms and launch spear-phishing attacks on users.
SimBad is also capable of opening market applications, such as Google Play and 9Apps, which lets the actor gain exposure and increase profits. It can also install a remote application from a designated server and so download new malware.
“With the capability to open market applications, such as Google Play and 9Apps, with a specific keyword search or even a single application’s page, the actor can gain exposure for other threat actors and increase his profits.”
“The actor can even take his malicious activities to the next level by installing a remote application from a designated server, thus allowing him to install new malware once it is required.”
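A defender-side check for the receiver registration described above, as an added example that is not taken from the Check Point report or from SimBad itself: it scans a decoded `AndroidManifest.xml` for broadcast receivers that listen for boot completion or user unlock. It assumes the article's ‘BOOT_COMPLETE’ and ‘USER_PRESENT’ correspond to the Android actions `android.intent.action.BOOT_COMPLETED` and `android.intent.action.USER_PRESENT`; the sample manifest and its package and class names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# Assumed full action names for the intents the article mentions.
WATCHED = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.USER_PRESENT",
}

# Constructed sample: a decoded (text) manifest with hypothetical names.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.game">
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application>
    <receiver android:name="com.example.sdk.WakeReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
      </intent-filter>
    </receiver>
    <receiver android:name=".LocaleReceiver">
      <intent-filter>
        <action android:name="android.intent.action.LOCALE_CHANGED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def find_persistent_receivers(manifest_xml):
    """Map receiver name -> sorted watched actions it is registered for."""
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"
    hits = {}
    for receiver in root.iter("receiver"):
        actions = {a.get(name_attr)
                   for a in receiver.findall("./intent-filter/action")}
        matched = sorted(actions & WATCHED)
        if matched:
            hits[receiver.get(name_attr)] = matched
    return hits

def flags_both(manifest_xml):
    """True if a single receiver listens for every watched action."""
    hits = find_persistent_receivers(manifest_xml)
    return any(len(actions) == len(WATCHED) for actions in hits.values())

if __name__ == "__main__":
    for name, actions in find_persistent_receivers(SAMPLE_MANIFEST).items():
        print(name, "->", ", ".join(actions))
```

A hit is a triage signal rather than a verdict, since many legitimate apps register for these broadcasts; receivers registered at runtime in code do not appear in the manifest and need code review to find.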
Researchers notified Google about the issue, and the infected applications were removed from the Play Store immediately.
For more details about the infected applications, you can visit here.