Security researchers have found a new kind of mobile adware hidden in hundreds of Android apps, and downloaded more than 150 million times from Google Play.
The malware masquerading as an ad-serving platform, dubbed SimBad by researchers at security firm Check Point, infected more than 200 apps which, likely unbeknownst to the app developer, would open a backdoor to install additional malware as a way to outsmart Google’s app store scanning. Once installed, the downloaded malware also removes the app icon and persists in the background, loading each time the device boots up.
Google has been pulling down these bad apps, but unfortunately, they will remain on the devices of anyone who installed them unless the user takes action to get rid of them. That’s what is so distressing about all of this. Google has failed to create a system for effectively vetting and screening apps before they appear on Google Play. And it seems no matter how many times security researchers find problems, Google isn’t embarrassed enough to change its ways.