“SimBad malware said to have been present in over 200 apps on the Google Play store, affecting close to 150 million users worldwide”
According to cyber-security firm Check Point research, a new adware has been found in close to 206 applications on Play Store, affecting close to 150 million users. The malware is named SimBad and a large portion of the infected apps were racing or shooter games on the Play Store.
The adware disguises itself as an advertising SDK called ‘RXDrioder’ and the affected game developers were tricked into using this to control how the ads were being served. The Check Point research found that the makers of the ‘RXDrioder’ said to be using the RXDrioder kit to hide the adware in the apps and avoid any suspicion. This will then be used to show ads for their own profit. The security research firm claims that on downloading any of the affected apps, SimBad registers itself to the ‘BOOT_COMPLETE’ and ‘USER_PRESENT’ and this will allow the malware to perform actions even when the user is using the device.
Apart from showing ads, SimBad can also perform actions like removing the icon from the launcher, which makes uninstalling harder for users and display background ads. It also redirects users to specific URLs in the browser to show more ads or even to open specific pay-per-install apps on PlayStore or 9Apps to gain more profits. The makers of SimBad are also said to have the ability to control other apps with RXDroider SDK, thus making it a larger threat for users and developers alike. However, Google, which has been notified about this malware, has taken down the infected applications from the Play Store.