Scam of the Week – Simbad Malware Infects Millions of Android Devices

March 22, 2019 1:22 pm | Geraldine Strawbridge

Security researchers at Check Point have discovered a sophisticated new malware campaign that targets Android users on the Google Play Store.

The malware has infected 206 apps on the platform and has been downloaded by up to 150 million users around the world.

Dubbed ‘Simbad’, the malware predominantly infects simulator games and disguises itself as ads to avoid suspicion. Most free games contain ads as a way to increase profits for developers. However, by hiding the malicious code inside a software development kit (SDK), a third-party component that developers build into their apps, the attackers have been able to avoid detection.

Once a device has been infected, the malicious app will hide its program icon but quietly play ads in the background, generating fraudulent revenue every time the device is in use.

In addition to displaying malicious ads, Simbad can also be used to conduct phishing attacks by redirecting users to compromised websites where yet more malicious apps can be downloaded.

Image: How Simbad works (Source: Check Point)

Check Point researchers said the malicious SDK can easily fool developers: “We believe the developers were scammed to use this malicious SDK, unaware of its content, leading to the fact that this campaign was not targeting a specific country or developed by the same developer”.

Google have since removed all the malicious apps from the Play Store. However, users are strongly advised to check the full list of apps and immediately remove any of the infected games from their device.

The top 10 apps infected with Simbad malware include:

  1. Snow Heavy Excavator Simulator (10 million downloads)
  2. Hoverboard Racing (5 million downloads)
  3. Real Tractor Farming Simulator (5 million downloads)
  4. Ambulance Rescue Driving (5 million downloads)
  5. Heavy Mountain Bus Simulator 2018 (5 million downloads)
  6. Fire Truck Emergency Driver (5 million downloads)
  7. Farming Tractor Real Harvest Simulator (5 million downloads)
  8. Car Parking Challenge (5 million downloads)
  9. Speed Boat Jet Ski Racing (5 million downloads)
  10. Water Surfing Car Stunt (5 million downloads)

To reduce the chance of your phone being infected with adware, there are a number of preventative measures you can take:

  • Only buy apps from trusted sources

Buying apps from trustworthy sources reduces the chance of your device being hacked or infected with malware. To check the authenticity of a source, you can check the full name, list of published apps and contact details in the app description within the Google Play or Apple app store.

  • Permissions

Permissions are used by apps to access specific functions and data within the device. If an app has a long list of permissions that are unnecessary to the functioning of the app, this should act as a red flag and raise suspicions about the intent of its use. The fewer permissions an app requests, the more likely it is to be safe.

  • Learn more about the developer

Take some time to research the developer of the app. Most app stores will include a link to the developer’s web page and this will give you a good idea if they are a reputable source.

  • Update phone software

One of the most important ways to protect against malware is to regularly update your phone’s software. Malicious apps will often take advantage of older versions of browsers, so it is vital that the latest software update is installed.
