A monstrous adware campaign nicknamed “SimBad” was found to be in around 206 applications on Google Play Store, known to have been downloaded roughly 150 million times. Since most of them are simulation type games, thus the term ‘SimBad’ has been coined.
The designers of the applications may not be entitled totally to the blame as they also may have been baited by false promises. They may have not understood that they were utilizing a promotion related software development kit or SDK whose reason for existing is to install adware on devices.
Once an application infected by SimBad gets downloaded, the adware registers itself on the system with the goal that it can keep running on boot and from that point onwards, it can perform activities like opening a browser page to phish user information, open an application store including Google Play Store (to be specific) potentially malicious application, or even download and install an application in the background.
As per Security outfit Check Point, the applications perform different malicious behavior that the user’s need to be wary of, including:
- Showing ads outside of the application, for when the user unlocks their phone or uses other apps.
- Constantly opening Google Play or 9Apps Store and redirecting to another particular application, so the developer can profit from additional installations.
- Hiding its icon from the launcher in order to prevent uninstallation.
- Opening a web browser with links provided by the app developer.
- Downloading APK files and asking the user to install it.
- Searching a word provided by the app in Google Play.
As a matter of fact, SimBad is less appalling than other malware that got away from Google’s notice however it does as of now can possibly accomplish more harm as, according to Checkpoint, “SimBad’ has abilities that can be divided into three groups namely – Show Ads, Phishing, and Exposure to other applications.
Keeping in mind the user privacy, Google has officially brought down the infected applications and will doubtlessly add the adware strain to Google Protect’s AI.