SimBad malware affects 150 million Google Play store users – See full list of affected apps


Google Play store

Recently, Check Point’s IT security researchers discovered a sophisticated malware attack that targets Android users worldwide through the Google Play Store app store. As of now, a total of 150 million Android users have fallen prey for the malware. According to the report, this malware called “SimBad” infects mostly simulator games and it disguises as ads to avoid suspicion. In-depth research found that the malicious code is hidden behind the software development kit (SDK) for marketing and profitability purposes and is hard to find.

SimBad
Illustration on how SimBad works

SimBad can redirect victims to the compromised website and download more malicious applications from the Play Store or remote server to implement phishing attacks. Check Point researchers Elena Root and Andrey Polkovnichenko said that this malicious SDK can easily fool developers. They may not even know the real intent of what they created. It can be seen that the attack was not initiated for a specific region, nor was the malicious program developed by the same developer.

SimBad works by infecting the target device, and the malicious application hides the malicious program icon, but when it is used, it displays ads in the background, resulting in fraudulent revenue. In this way, malware will not only attract attention, or even cause suspicion.

According to Check Point, most infected apps are simulator games, photo editors and wallpaper apps. Here are the top ten apps that are currently infected with SimBad malware:

  1. Snow Heavy Excavator Simulator (10,000,000 downloads)
  2. Hoverboard Racing (5,000,000 downloads)
  3. Real Tractor Farming Simulator (5,000,000 downloads)
  4. Ambulance Rescue Driving (5,000,000 downloads)
  5. Heavy Mountain Bus Simulator 2018 (5,000,000 downloads)
  6. Fire Truck Emergency Driver (5,000,000 downloads)
  7. Farming Tractor Real Harvest Simulator (5,000,000 downloads)
  8. Car Parking Challenge (5,000,000 downloads)
  9. Speed Boat Jet Ski Racing (5,000,000 downloads)
  10. Water Surfing Car Stunt (5,000,000 downloads)
Read Also:  Google App Store under antitrust investigation in Indonesia

Click HERE for a full list. The good news is that Check Point has reported to Google and many of these apps have been removed from the Play Store. However, if you have installed any of these apps make sure to remove it now and scan your device with trustworthy anti-virus software.

Previous Oppo's ColorOS 6 released in China
Next Forget the pop-up camera system, ZTE Axon V concept has a side-mounted 3D camera setup

2 Comments

  1. Jaso966
    March 17, 2019

    Wow…thanks for this. I had two of these apps. Uninstalled them immediately and scanned my phone. Thanks

  2. Scott Wilson (Zofryer)
    March 18, 2019

    Let’s talk about how this story misrepresents reality.
    1) The 150 million number is made up. The app installs multiple apps to the same person after install. So the real number is likely 10 million.
    2) The command and control server was down for because the domain no longer exists. It says that right in the story. Can’t command and control people without your command and control server.
    3) This appears to have been a Google China problem only.

    So the reality is about 10 million people got hit with adware that spammed them with ads, and installed more apps that spammed them with ads, and the command and control server couldn’t handle the traffic and they gave up. At least, that’s what it looks like. They clearly abandoned their domain name.

    That being said, this comes nowhere close to XCodeGhost. 200 million iOS users were hacked for six months.