According to reports reaching us, Google has pulled more than 200 Android apps that were stuffed with SimBad malware from the Google Play Store.
The purge was triggered after boffins at cybersecurity firm Check Point alerted the search giant to the presence of an adware campaign running riot in the Play Store.
The adware campaign made use of malware dubbed SimBad, which sits within a malicious software development kit (SDK) called ‘RXDrioder’ and can perform actions after an infected Android device is booted. SimBad then connects back to a command and control server, where it receives instructions from the malicious actors controlling it.
“SimBad comes with a respected list of capabilities on the user’s device, such as removing the icon from the launcher, thus making it harder for the user to uninstall, start to display background ads and open a browser with a given URL,” said the Check Point researchers.
“SimBad acts now as an adware, but already has the infrastructure to evolve into a much larger threat.”
Once installed and connected, SimBad can perform actions that facilitate adware campaigns and phishing attacks, as well as conduct remote downloads or open apps in an app store.
SimBad got its name from how it lurks behind a lot of simulator games which it has managed to infect, likely because app developers were tricked into using the malicious SDK, which posed as a legitimate advert-serving platform. Check Point noted that, given the volume of apps it infected, SimBad was likely downloaded around 150 million times.
Given Google has been getting better at Android security and how it polices the Play Store, we’re curious as to how SimBad got past its defences. We asked Google about this but have yet to hear back.
But it would appear that SimBad was well hidden and that there’s still work to be done to catch the sneakiest malware and malicious activity that exploit the more open nature of Android app development.