Researchers find two Android malware campaigns with over 250 million downloads
Check Point Research has uncovered two massive mobile adware and data stealing campaigns, which have already had a combined total of over 250 million downloads globally.
Both target mobiles using Android, and exploit the mobile app development supply chain to infect devices and perform malicious actions.
The first is SimBad, a mobile adware campaign that has already had 147 million downloads across 210 infected apps on the Google Play Store. Called 'SimBad' because most of the infected apps are simulator games, the worldwide campaign makes phone usage unbearable for users by displaying countless ads outside of the app, with no visible way to uninstall the incriminating apps. As well as showing ads the apps' malicious behavior includes constantly opening Google Play or 9Apps Store and redirecting to another particular application, so the developer can profit from additional installations, hiding its icon to prevent uninstallation, and opening a web browser with links provided by the app developer, enabling targeted spear-phishing on users.
The other malware called 'Operation Sheep' harvests contact information without the user’s consent. Contained in 12 different apps all of which use a data-scraping SDK it has so far been downloaded 111 million times. It's the first campaign seen in the wild to exploit a man-in-the-disk vulnerability first identified last year. The SDK, named SWAnalytics, is integrated into seemingly innocent Android applications published on major third party Chinese app stores. After app installation, whenever SWAnalytics senses victims opening up infected applications or rebooting their phones, it silently uploads their entire contacts list to its servers.
Both of these attacks rely on compromising the software supply chain. Attackers leverage trusted third party vendors to deliver malware to unsuspecting customers by inserting malware into third-party code.
Check Point's Richard Clayton writing on the company's blog says, "Unfortunately, there is no easy answer for defending against these types of attacks. Organizations need to understand what commercial and open source products they are using, and be aware of and prepared for potential attacks using legitimate software as a vector."
You can read more about the attacks on the Check Point blog.