The new adware, which has been dubbed Simbad, has been downloaded over 200 times onto different applications on the Google Play Store. The malware likely infected the applications without the developers knowing and would allow the attacker to open a backdoor allows downloading of more malware, without the scanning capabilities of the Google Play store. This malware is different than others seen from the Google Play Store, including its ability to delete the applications icon off the infected device and only persist in the background. Once the malware is installed, it begins to go through a list of web addresses in the background, serving ads to generate fraudulent revenue. The malware has a tendency to infect simulations games, which gave researchers the idea for its name. It can be seen in games that were available on the Google Play Store Dating back to 2017. Google has not given a comment about this particular instance, but it has been seen time and time again that the company claims to have a “safe” store but is continually forced to remove malicious games.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased