SimBad: The Malicious Adware Campaign on Google Play | Software Advisory Service


Home > Blog > SimBad: The Malicious Adware Campaign on Google Play

SimBad: The Malicious Adware Campaign on Google Play


Google’s Play Store for Android devices has made great progress over the past years in terms of stability and security. But even with the great many strides Google has made, the Play Store is still filled with dubious apps. While most are relatively harmless, there are those that prove to be malicious.


Earlier this year, researchers from Check Point uncovered a potentially serious threat lurking in the Play Store. And it has now been revealed that more than 200 popular apps available in Google Play have been affected by a malicious adware known as SimBad.


The research also revealed that the 200 affected apps have been downloaded and installed close to 150 million times. Once Google became aware of this, their security team quickly removed the apps from the Play Store. For many users, however, the damage had already been done.


The name SimBad was appropriately coined because the most affected applications were simulator games. Some of these applications – such as Snow Heavy Excavator Simulator and Hoverboard Racing - were hugely popular among Android users, sporting millions of downloads each.



What does the SimBad Malware Do?


According to Check Point research, the malware was found in an ad-related software development kit (SDK) called RXDroider. Google’s security team believes that the software developers were fooled into using the malicious SDK, completely unaware of its content.


Once SimBad infects a system, the malware automatically connects to command and control servers for more advanced actions. In addition to this, the malware also has the capability of opening phishing URLs in the infected device’s browser, in Play Store, and it may also be capable of remotely installing other applications on your devices.


In more technical terms, once a user installs the infected app on their device, SimBad will then register itself to the BOOT_COMPLETE and USER_PRESENT intents. This action will enable the malware to perform a variety of potentially malicious actions once the device has finished booting. Essentially, SimBad can affect your device in three different ways: it show PPC Ads, phishing, and exposure to other applications. Moreover, it’s capability to open market applications, such as Google Play Store and 9Apps, with a specific keyword search, the actor (which is the person benefiting from the malware) may actually increase exposure for other similar threat factors and gain more profit that way.


The actor may even go as far as bypassing your password and installing remote applications from a designated server, which will enable them to install other malware whenever necessary – effectively taking their malicious acts to the next level.


Read More: Buyer's Guide to Security Software





How can you avoid Android malware?



The Android OS is one of the most popular and widely used mobile device operating systems in the world, alongside Apple iOS. If you’re currently using an Android-powered mobile device, what can you do to minimize the risk of accidentally infecting your system?


·         Get your apps from Google Play only


This should already be clear enough to every Android user. However, many users still get infected with malware because they download apps from sources outside the Google Play Store.


Companies like Google and Apple invest a ton of money on a dedicated department with a very specific mandate: to thoroughly scrutinize and check the apps before they are made available in either App Store or Play Store. But, clearly, sometimes the malicious apps manage to slip through the cracks. Despite this, however, downloading your applications from the Play Store is still safer for Android users.


·         Only get apps from trusted developers


How can you get more information about the various developers? Imagine you’re browsing through apps in Play Store. Now, if you tap on the developer name (just below the game title) you can access more information about that particular developer, including the other products they have released for download in Play Store.


Spending a little time learning about the app, and the developer behind it, is a simple but effective precaution if you want to make sure that you download a secure app.


·         Consider the app rating and user reviews


We also recommend that you spend some time in the Ratings and Reviews section in Google Play Store, too. All apps available have a ratings and reviews section, and it’s highly recommended that you read through them to see what other people are saying. What’s their experience using the app? Are there possible bugs or issues?


This will not only give you an idea of how the app is faring, it may also give you a clearer picture of how the app operates as a whole.


·         Pay close attention to the permissions


The system of permissions is a protection mechanism set up by Android, and it’s designed to enable the individual user to control how much freedom their apps will get.


For instance, photo editing apps will most likely ask for permission to access your photo library, camera and any audio/vide player apps. However, you may want to limit the reach of an app that asks permission to access something outside of its main function. While it can’t fully protect you from SimBad and similar malware, it still obvious that apps can do very little if they’re not allowed access to anything on your device.


·         Use a reliable security solution


To increase security within your device – and minimize exposure to Android malware – you should consider using a reliable security solution for mobile devices. Most mobile devices nowadays come with pre-installed security solutions with anti-virus and malware protection capabilities. However, there are also other more robust and well-known mobile security solutions, that you can install in order to enhance security. Most of these are available in App Store and Google Play Store. If you're at the risk of a breach, it might be worth looking into acquiring a cyber insurance

Back Content Hub

Get Your Free Shortlist!

Recent Content