Researchers have identified a massive adware campaign that invaded the official Google Play market with more than 200 highly aggressive apps that were collectively downloaded almost 150 million times.
The 210 apps discovered by researchers from security firm Checkpoint Software bombarded users with ads, even when an app wasn’t open, according to a blog post published by the company on Wednesday. The apps also had the ability to carry out spearphishing attacks by causing a browser to open an attacker-chosen URL and open the apps for Google Play and third-party market 9Apps with a specific keyword search or a specific application’s page. The apps reported to a command-and-control server to receive instructions on which commands to carry out.
Once installed, the apps installed code that allowed them to perform actions as soon as the device finished booting or while the user was using the device. The apps also could remove their icon from the device launcher to make it harder for users to uninstall the nuisance apps. The apps all used a software development kit called RXDrioder, which Checkpoint researchers believe concealed its abusive capabilities from app developers. The researchers dubbed the campaign SimBad, because many of the participating apps are simulator games.