Security researchers at Check Point have discovered a sophisticated new malware campaign that targets Android users on the Google Play store.
The malware has infected 206 apps on the platform and has been downloaded by up to 150 million users around the world.
Dubbed ‘Simbad’, the malware predominantly infects simulator games and disguises itself as ads to avoid suspicion. Most free games contain ads as a way to increase profits for developers. By hiding the malicious code inside a software development kit (SDK) that developers built into their apps, the attackers were able to avoid detection.
Once a device has been infected, the malicious app will hide its program icon but quietly play ads in the background, generating fraudulent revenue every time the device is in use.
Image: How Simbad works (Source: Check Point)
Check Point researchers said the malicious SDK can easily fool developers: “We believe the developers were scammed to use this malicious SDK, unaware of its content, leading to the fact that this campaign was not targeting a specific country or developed by the same developer”.
Google have since removed all the malicious apps from the Play store. However, users are strongly advised to check the full list of apps and immediately remove any of the infected games from their device.
The top 10 apps infected with Simbad malware include:
- Snow Heavy Excavator Simulator (10 million downloads)
- Hoverboard Racing (5 million downloads)
- Real Tractor Farming Simulator (5 million downloads)
- Ambulance Rescue Driving (5 million downloads)
- Heavy Mountain Bus Simulator 2018 (5 million downloads)
- Fire Truck Emergency Driver (5 million downloads)
- Farming Tractor Real Harvest Simulator (5 million downloads)
- Car Parking Challenge (5 million downloads)
- Speed Boat Jet Ski Racing (5 million downloads)
- Water Surfing Car Stunt (5 million downloads)
To reduce the chance of your phone being infected with adware, there are a number of preventative measures you can take:
- Only buy apps from trusted sources
Buying apps from trustworthy sources reduces the chance of your device being hacked or infected with malware. To check the authenticity of a source, you can check the full name, list of published apps and contact details in the app description within the Google Play or Apple App Store.
- Check app permissions
Permissions are used by apps to access specific functions and data within the device. If an app has a long list of permissions that are unnecessary to its functioning, this should act as a red flag and raise suspicions about the intent of its use. The fewer permissions an app requests, the more likely it is to be safe.
- Learn more about the developer
Take some time to research the developer of the app. Most app stores will include a link to the developer’s web page, and this will give you a good idea of whether they are a reputable source.
- Update phone software
One of the most important ways to protect against malware is to regularly update your phone’s software. Malicious apps will often take advantage of older versions of browsers, so it is vital that the latest software update is installed.