Researchers from Checkpoint Software have identified a massive adware campaign that invaded the Google Play Store with more than 200 highly aggressive apps that were collectively downloaded almost 150 million times. “The 210 apps discovered by researchers from security firm Checkpoint Software bombarded users with ads, even when an app wasn’t open,” reports Ars Technica. “The apps also had the ability to carry out spearphishing attacks by causing a browser to open an attacker-chosen URL and open the apps for Google Play and third-party market 9Apps with a specific keyword search or a specific application’s page. The apps reported to a command-and-control server to receive instructions on which commands to carry out.” From the report: Once installed, the apps installed code that allowed them to perform actions as soon as the device finished booting or while the user was using the device. The apps also could remove their icon from the device launcher to make it harder for users to uninstall the nuisance apps. The apps all used a software development kit called RXDrioder, which Checkpoint researchers believe concealed its abusive capabilities from app developers. The researchers dubbed the campaign SimBad, because many of the participating apps are simulator games.
“With the capabilities of showing out-of-scope ads, exposing the user to other applications, and opening a URL in a browser, SimBad acts now as an Adware, but already has the infrastructure to evolve into a much larger threat,” Checkpoint researchers wrote. The top 14 apps were collectively downloaded a whopping 75 million times, with the No. 1 app receiving 10 million installs and the next 13 getting 5 million downloads each. The next 53 each received 1 million downloads. The remainder received 500,000 or fewer downloads each. Checkpoint has a full list of all the apps here.
Read more of this story at Slashdot.