Researchers have found an adware in 206 Android apps that have 150 million downloads at the Google Play Store.

The malware is dubbed "SimBad" because of how it mainly affected simulators.

Android Adware 'SimBad'

Security experts at Check Point Software Technologies discovered that 206 apps contained SimBad. Google immediately removed them from the Play Store after being informed about them.

The malware posed as an ad-serving platform, and it could open a backdoor that would allow other harmful software to be installed on the device.

As the researchers explain, the perpetrator could "generate phishing pages for multiple platforms and open them in a browser" or set up a "remote application from a designated server, thus allowing him to install new malware once it is required."

According to Check Point, the developers of the apps in question may have duped into using the Software Development Kit or SDK that has the adware. It might have been harder to detect and stop because of that, as the infected apps are safe and legitimate if it weren't for the adware that managed to sneak past, not to mention that it wasn't out to steal personal data of users.

Infected Apps

Check Point outlined the apps that have been found to have SimBad, and a lot of them have millions of downloads.

One of them called Snow Heavy Excavator Simulator has been downloaded 10 million times, and 13 of them 5 million times, which accounts for 75 million downloads of the 150 million total.

Here's a breakdown of the apps with 5 million downloads:

Hoverboard Racing

Real Tractor Farming Simulator

Ambulance Rescue Driving

Heavy Mountain Bus Simulator 2018

Fire Truck Emergency Driver

Farming Tractor Real Harvest Simulator

Car Parking Challenge

Speed Boat Jet Ski Racing

Water Surfing Car Stunt

Offroad Wood Transport Truck Driver 2018

• Volumen booster & Equalizer

Prado Parking Adventure

Oil Tanker Transport Truck Driver

Some of them have even been available to download since 2017, and the majority have a download count of over 10,000 times. The full list is available in Check Point's report.

ⓒ 2021 All rights reserved. Do not reproduce without permission.