Apps containing malware have been distributed to hundreds of millions of Android users via Google Play, the official store. The apps in question have been downloaded close to 150 million times.

Around 206 apps have been found to contain adware code that connects to a central server to download additional code and instructions.

After installation, the malware connects to the designated Command and Control (C&C) server, and receives a command to perform. ‘SimBad’ comes with a respected list of capabilities on the user’s device, such as removing the icon from the launcher, thus making it harder for the user to uninstall, start to display background ads and open a browser with a given URL.

CheckPoint

SimBad

The code and its functions have been named SimBad. Once installed, an infected device can display downloaded ads and promotions, be used for phishing, and expose information about other apps.

‘SimBad’ has capabilities that can be divided into three groups – Show Ads, Phishing, and Exposure to other applications. With the capability to open a given URL in a browser, the actor behind ‘SimBad’ can generate phishing pages for multiple platforms and open them in a browser, thus performing spear-phishing attacks on the user.

With the capability to open market applications, such as Google Play and 9Apps, with a specific keyword search or even a single application’s page, the actor can gain exposure for other threat actors and increase his profits. The actor can even take his malicious activities to the next level by installing a remote application from a designated server, thus allowing him to install new malware once it is required.

The domain used is registered through GoDaddy, with the owner's details hidden behind privacy protection.
