To date, more than 200 apps on the Play Store were infected by the offending adware. The researchers provided a list of the infected apps, comprising mostly simulation games. Leading to the team giving it the name “SimBad”.
According to the research, SimBad has the capabilities to show ads, obtain sensitive information, and expose victims to other applications. Once a user installed an infected app, the adware remains hidden in the background. Set to boot up together with the device. The adware will receive instructions from the command and control server and performs malicious activities. The attacker could also take it to the next level by installing a remote app onto the victim’s device, thus allowing him to install new malware.
The security researchers believed that the app developers were deceived by the malware posing as a legitimate ad-serving platform. This eventually opened a backdoor for the attacker to install additional malware to outsmart Google’s app store scanning. All of the infected apps and games have since been removed from Google Play Store. But it should be noted that the removal from the app store does not delete the app from the victims’ devices. (Source: TechCrunch, Check Point Research)