Mobile security has been compromised yet again, as SimBad, a new strain of adware, was found installed on more than 210 Android Apps. The adware was disguised as an advertisement kit and was named RXDrioder.
According to a report from Israeli cybersecurity firm Check Point, RXDrioder was secretly using the kit code to hide malware and hijack devices to show ads for profit.
Check Point said it reported the malicious apps to Google, which confirmed removing the malicious apps from the Google Play Store. However, those apps had been downloaded nearly 150 million times before being removed.
Some popular apps were also infected by the adware, most simulator games including:
- Real Tractor Farming
- Hummer Taxi Limo Simulator
- Transport Simulator
- Snow Heavy Excavator Simulator
- Excavator Wrecking Ball Demolition Simulator
- Sea Animals Truck Simulator
The SimBad adware had the ability to send instructions to the app and control them without the developer’s knowledge. “We believe that the developers had no clue,” said Check Point.
The malware resides in RXDrioder, which sits in the Software Development Kit (SDK). It was dubbed “SimBad” because it affected a large proportion of simulator games.
The adware also abused the SDK’s ability to overlay other ads abusing it to show only its own ads, according to Check Point.
SimBad affected users on a massive scale. It joins the ranks of previous Google Play Store adware infestations including Chamois, HummingBad and Gooligan and will be remembered as one of the most impactful cyber attacks on Android users.
Google reviews apps before they are allowed to enter the Google Play Store. Google’s review process is often criticized for being less strict as compared to Apple’s review process for its app store.
Last year, Google reporting making improvements in its ability to detect problematic apps. It also claimed to have removed 99 percent of them. However, contrary to these claims, bad apps keep making it through, and SimBad is the latest evidence of it.
Google still has to do a lot to improve its Play Store security and to ensure the safety of Android users from malicious apps.
SimBad had the capabilities of showing out-of-scope ads and exposed users to other applications; it even opened a URL in the browser. SimBad was adware, but it has now transformed itself into a much larger threat.
This latest attack shows how vulnerable our mobile devices are to cyberthreats.
Cybersecurity is a growing risk—we all are prone to attacks. It is just a matter of time. We should be able to rely on top tech companies to protect us against a cyberthreat.