Researchers have found an adware in 206 Android apps that have 150 million downloads at the Google Play Store.
The malware is dubbed "SimBad" because of how it mainly affected simulators.
Android Adware 'SimBad'
Security experts at Check Point Software Technologies discovered that 206 apps contained SimBad. Google immediately removed them from the Play Store after being informed about them.
The malware posed as an ad-serving platform, and it could open a backdoor that would allow other harmful software to be installed on the device.
As the researchers explain, the perpetrator could "generate phishing pages for multiple platforms and open them in a browser" or set up a "remote application from a designated server, thus allowing him to install new malware once it is required."
According to Check Point, the developers of the apps in question may have duped into using the Software Development Kit or SDK that has the adware. It might have been harder to detect and stop because of that, as the infected apps are safe and legitimate if it weren't for the adware that managed to sneak past, not to mention that it wasn't out to steal personal data of users.
Check Point outlined the apps that have been found to have SimBad, and a lot of them have millions of downloads.
One of them called Snow Heavy Excavator Simulator has been downloaded 10 million times, and 13 of them 5 million times, which accounts for 75 million downloads of the 150 million total.
Here's a breakdown of the apps with 5 million downloads:
• Hoverboard Racing
• Real Tractor Farming Simulator
• Ambulance Rescue Driving
• Heavy Mountain Bus Simulator 2018
• Fire Truck Emergency Driver
• Farming Tractor Real Harvest Simulator
• Car Parking Challenge
• Speed Boat Jet Ski Racing
• Water Surfing Car Stunt
• Offroad Wood Transport Truck Driver 2018
• Volumen booster & Equalizer
• Prado Parking Adventure
• Oil Tanker Transport Truck Driver
Some of them have even been available to download since 2017, and the majority have a download count of over 10,000 times. The full list is available in Check Point's report.