A group of security researchers at Check Point has uncovered an advanced piece of malware called SimBad, which affects games in the Google Play Store. What’s even more worrying is that over 200 affected apps have been downloaded by a total of around 150 million Android users, who may have exposed themselves to the malware.
The malware is relatively hard to catch because it disguises itself as an ad, something that all free games carry so that developers can earn revenue. The researchers reported on their blog that SimBad hides mostly in simulator games.
Further research uncovered that the malware, which affects millions of Google Play Store users, is hidden inside a software development kit (SDK) used for marketing and other monetization purposes, making it even harder to find.
How does the SimBad malware work?
Since it poses as an ad, it can easily redirect victims to a malicious website if they accidentally tap on the ad, or it can redirect them automatically. The website prompts users to download more malicious apps from the Play Store or from some other remote server, exposing them to the malware even more. A commonly used approach here is phishing: users are redirected to pages for popular websites that have a payment system, for example PayPal, where they might enter their credentials.
Researchers at Check Point, Elena Root and Andrey Polkovnichenko, wrote that the malicious tool can even be used to manipulate developers who don’t realize it’s there. However, they don’t know the real intent behind SimBad’s development, as the attack doesn’t seem to be targeted at a specific region, nor was it developed by the same developer.
Once a device, for example a smartphone or tablet, is infected, the app hides its icon but continues to play ads whenever the app that brought the malware is running. The ads play in the background, generating fraudulent revenue. By working silently in the background, the malware avoids raising suspicion or catching anyone’s attention.
Researchers at Check Point note that aside from simulator games, other SimBad-affected apps include photo editors, wallpaper apps and other apps with a similar concept. Here are the ten most-downloaded apps affected by the malware.
- Snow Heavy Excavator Simulator (10,000,000 downloads)
- Hoverboard Racing (5,000,000 downloads)
- Real Tractor Farming Simulator (5,000,000 downloads)
- Ambulance Rescue Driving (5,000,000 downloads)
- Heavy Mountain Bus Simulator 2018 (5,000,000 downloads)
- Fire Truck Emergency Driver (5,000,000 downloads)
- Farming Tractor Real Harvest Simulator (5,000,000 downloads)
- Car Parking Challenge (5,000,000 downloads)
- Speed Boat Jet Ski Racing (5,000,000 downloads)
- Water Surfing Car Stunt (5,000,000 downloads)
Fortunately, the security researchers from Check Point have already informed Google about the malware, and the apps have been removed from the Play Store for good. Nevertheless, if you have installed any of these apps on your phone, make sure to check this list, or visit Check Point’s blog to see the full list of affected apps.