SimBad is a massive adware campaign discovered in the Google Play Store, spanning more than 200 malicious apps that were downloaded nearly 150 million times in total.
Most of the infected apps belong to the simulator game category. Once installed, they generate extremely annoying ads, display them outside of the app, and make themselves difficult to uninstall.
A malicious SDK (software development kit) called “RXDrioder” played the central role in this campaign: the attackers used it to display a higher number of ads in order to generate more revenue.
The SimBad campaign was not targeting any particular country. The SDK was provided by ‘addroider[.]com’, which fooled developers into embedding it in their apps during development.
According to Check Point Research, the apps perform various malicious behaviors, including the following.
Once an adware app is installed on the victim’s phone, SimBad registers itself so that the app runs every time the device boots or is unlocked.
SimBad then connects to the C&C server to receive commands from the attackers and carries out various malicious operations, such as removing the app’s launcher icon (which makes it harder for the user to find and uninstall) and pushing background ads.
According to Check Point, “‘SimBad’ has capabilities that can be divided into three groups – Show Ads, Phishing, and Exposure to other applications. With the capability to open a given URL in a browser, the actor behind ‘SimBad’ can generate phishing pages for multiple platforms and open them in a browser, thus performing spear-phishing attacks on the user.”
The observed C2 server is ‘addroider[.]com’, which runs on Parse backend infrastructure, a platform that gives web and mobile app developers a way to link their applications to backend cloud storage and to APIs exposed by backend applications.
The C2 domain was registered via GoDaddy and, according to RiskIQ’s PassiveTotal, had already expired seven months before the campaign was reported.
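To make the persistence and C2 behaviour described above concrete, here is an added static-triage script for an APK’s manifest and string table. It is example code written for this page, not Check Point’s or the article’s code. It assumes that “runs on boot or unlock” corresponds to a broadcast receiver registered for the Android BOOT_COMPLETED and USER_PRESENT intents (the article names only the behaviour, not the intents), and the sample manifest, class names and URL below are constructed for illustration; only the addroider[.]com domain comes from the article.

```python
"""Static triage for SimBad-style persistence and C2 indicators.

Added example, not from the article or Check Point. Parses an
AndroidManifest.xml and a list of extracted strings and reports:
  - receivers registered for BOOT_COMPLETED / USER_PRESENT (run on boot/unlock)
  - whether RECEIVE_BOOT_COMPLETED is declared
  - whether the C2 domain named in the article appears in the strings
"""
import xml.etree.ElementTree as ET

# Namespace behind "android:name" and similar manifest attributes.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Intents that fire on device boot and on unlock. An app that registers a
# receiver for these keeps coming back without the user opening it.
# (Assumption: this is how the "boot or unlock" behaviour is implemented.)
PERSISTENCE_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED",
    "android.intent.action.USER_PRESENT",
}

# C2 domain named in the article (defanged there as addroider[.]com).
C2_DOMAINS = {"addroider.com"}


def find_persistence_receivers(manifest_xml):
    """Return receivers whose intent-filters include a boot or unlock action."""
    root = ET.fromstring(manifest_xml)
    findings = []
    for receiver in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in receiver.iter("action")}
        hits = sorted(actions & PERSISTENCE_ACTIONS)
        if hits:
            findings.append({"receiver": receiver.get(ANDROID_NS + "name"),
                             "actions": hits})
    return findings


def declares_boot_permission(manifest_xml):
    """BOOT_COMPLETED is only delivered if this permission is declared."""
    root = ET.fromstring(manifest_xml)
    return any(
        p.get(ANDROID_NS + "name") == "android.permission.RECEIVE_BOOT_COMPLETED"
        for p in root.iter("uses-permission")
    )


def c2_matches(strings):
    """Return extracted strings that reference a known C2 domain (case-insensitive)."""
    return [s for s in strings if any(d in s.lower() for d in C2_DOMAINS)]


def triage(manifest_xml, strings):
    """Combine the checks. Persistence alone is weak evidence (alarm and chat
    apps use it too); persistence plus a known C2 string is what gets flagged."""
    receivers = find_persistence_receivers(manifest_xml)
    c2 = c2_matches(strings)
    return {
        "persistence_receivers": receivers,
        "boot_permission": declares_boot_permission(manifest_xml),
        "c2_strings": c2,
        "flag": bool(receivers) and bool(c2),
    }


# Constructed sample manifest and string table, not taken from a real SimBad app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.racegame">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Race Game">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <receiver android:name=".sdk.WakeReceiver" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
        <action android:name="android.intent.action.USER_PRESENT"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""

SAMPLE_STRINGS = [
    "Race Simulator 3D",
    "https://api.addroider.com/parse/classes/Config",  # constructed C2-style URL
    "android.permission.RECEIVE_BOOT_COMPLETED",
]

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_MANIFEST, SAMPLE_STRINGS), indent=2))
```

Run it against the output of a manifest decoder (for example the AndroidManifest.xml produced by apktool) plus the app’s string table. Note what a manifest scan cannot see: the launcher-icon removal described above is a runtime action (typically PackageManager.setComponentEnabledSetting on the launcher activity), so that indicator has to come from decompiled code or dynamic analysis, not from the manifest.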