At least 210 apps from the Google Play Store were found to be infected with some strain of adware, revealed Check Point security researchers. The adware, nicknamed “SimBad” (because it affected simulator games majorly), is malicious advertising code hid in a bogus ad-serving platform and created a back door that could install unfriendly apps, display ads outside the app, and also direct users to websites and app store links.
Following the report, Google confirmed on removing the infected apps from its basket; however, these apps have already garnered nearly 150 million downloads, according to Play Store statistics.
Google’s app-testing process has never been as thorough or strict as Apple’s review process for the App Store. Google has had several different problems relating the apps in its Store for over the last couple of years. The search giant had to pull hundreds of apps with troubling code in it: some apps abused app access permissions; some displayed pornographic ads and forced users to download more apps, and some even hijacked devices.
The researchers opine that the app developers were tricked into using a “malicious SDK, unaware of its content, leading to the fact that this campaign was not targeting a specific country or developed by the same developer.” Apps developed using the malicious SimBad SDK, once installed, will embed itself on the user device to prevent removal. For instance, by “removing the icon from the launcher”, these apps working in the background continue to display ads, sometimes even during the normal phone usage, and forcing the device’s browser to open a given URL.
“With the capability to open a given URL in a browser, the actor behind SimBad can generate phishing pages for multiple platforms and open them in a browser, thus performing spear-phishing attacks on the user,” wrote Check Point in its summary of the research.