Adware Simulates Advertising And Installs Malware On Your Android
By: Jim Stickley and Tina Davis
April 22, 2019
We tell you to always avoid sideloading your apps to your mobile devices. “Go to the official Google Play Store,” we always say. Well, while that remains the best way to ensure you’re not downloading malicious apps to your devices, there is also a risk that some bad ones make it past the security checks and onto unsuspecting users’ devices. Check Point recently found that more than 200 malicious apps had racked up nearly 150 million downloads from the Google Play Store.
The offending apps have been spreading the SimBad code through many types of apps, but a significant portion was in games. In particular, through infected simulators; hence the name.
The infections occurred in phony advertisements posing as legitimate ones. Developers used the code to create them, because it was similar to the actual code, they use to display ads. However, they display ads outside of the aps, send users to undesired websites and app store links, and download new apps to the devices.
If you click on ads, use a lot of caution. Hidden in the background often lurks code doing things you’d rather it didn’t; sometimes it means taking over your device. If you are curious about an ad, do independent research rather than clicking something you see within a game. Note the name, go to a browser, and do a search first. If you think you want to download it, go to the official app store and read reviews there. If they are all glowing or there aren’t many, it should be viewed with a healthy dose of suspicion; it’s even better to skip it and find another one.
Check Point did report these to Google, which did remove them. Some of the apps were Excavator Wrecking Ball, Heavy Mountain Bus Simulator 2018, Hummer taxi limo simulator, Snow Heavy Excavator Simulator, and Sea Animals Truck Transport Simulator, among many more. Not only can it do the aforementioned tasks, but it also “hides” its icon to make it more difficult to uninstall.
Google does review apps before they make it into the store, but some are just too sneaky and bypass the security anyway. Last year, Google actually made improvements to its security processes and was able to remove 99% of the malicious apps before making it to the store. However, there is obviously more work to do.