Security company Check Point has uncovered 200 apps that were showing misleading ads to users. They have been removed from the Play Store
The name reminds of those of the Lion King, but it doesn’t have the same goodness about it. What are we talking about? About SimBad, a new malware discovered by researchers from Check Point, a company specialized in making computer security programs, present inside 206 applications for Android smartphones. SimBad is an adware, a particular virus that shows misleading advertisements to users that can steal money and slow down device performance.
The 206 affected apps were promptly deleted from the Google Play Store, but they might still be present on millions of smartphones, especially if they were downloaded from third-party stores. According to Check Point experts, the apps have been downloaded 150 million times (Google Play Store data), which is a very high number. The number of affected users is not known precisely, but it definitely exceeds 4-5 million. The apps that hid the adware are mostly simulation games: Snow Heavy Excavator; Hoverboard Racing Simulator; Real Tractor Farming Simulator; Ambulance Rescue Driving; Heavy Mountain Bus Simulator 2018; Fire Truck Emergency Driver; Farming Tractor Real Harvest Simulator (these are the names of some of the infected apps).
What are the malicious apps and what did the SimBad adware do
As anticipated, the dangerous apps are mostly simulation games widely used by users. In total, the 206 apps totaled over 150 million downloads, with the Snow Heavy Excavator app being downloaded over 10 million times.
How did SimBad adware work? Very simple. When the smartphone was turned on, or when one of the malicious apps was launched, the malware would autonomously open a browser page showing the user advertisements. Thanks to this ploy, hackers were able to earn thousands of Euros every day.
According to Check Point researchers, the software houses that developed the infected apps were unaware of the malware’s presence. The adware, in fact, was hidden inside RXDrioder, a special software used to place advertisements inside applications. Google took immediate action and deleted the malicious apps.
What are the dangers for users
SimBad virus is not particularly dangerous. It only causes annoyance to the user who gets very annoying pop-up ads while playing games. Check Point researchers point out, however, that the malware is very structured and capable of creating greater damage and getting hold of users’ sensitive information. We will see if the adware will return to the attack in the coming months.