Two massive mobile adware and data stealing campaigns that already have over 250m global downloads have been discovered by Check Point Research.
Both campaigns target smartphones running Android and exploit the mobile app development supply chain to infect devices and perform malicious actions.
The first campaign has been dubbed SimBad because most of the infected apps are simulator games and so far this mobile adware campaign already has 147m downloads across 210 infected apps on the Google Play Store.
- Mobile malware attacks double in 2018
- Pre-installed malware discovered on Alcatel smartphones
- Major US papers hit by malware attack
SimBad makes smartphones almost unusable as it displays countless ads outside of the affected app with no visible way to uninstall it. To make matters worse, the malicious apps hide their icons to prevent them from being uninstalled and SimBad can also generate pages for multiple platforms and open them in a browser to perform spear-phishing attacks on users.
Check Point Research also discovered a group of Android applications that have been harvesting users' contact information without their consent. The 12 different apps identified by the firm all use a data-scraping software development kit (SDK) and in total they have been downloaded 111m times.
The data stealing campaign has been dubbed 'Operation Sheep' and it is the first to exploit the Man-in-the-Disk vulnerability revealed by Check Point Research in 2018.
The SDK, called SWAnaytics, is integrated into seemingly innocent Android apps published on major Chinese app stores such as Tencent MyApp, Wandoujia, Huawei App Store and the Xiaomi App Store. After installation, SW Analytics silently uploads all of a user's contact list to servers controlled by Hangzhou Shun Wang Technologies.
This means that the attackers behind the campaign could have theoretically collected the names and contact numbers of one-third of China's entire population.
While Google was notified about SimBad and took action by removing the apps from the Play Store, Operation Sheep will likely be harder to stop because of how its creators used Android apps hosted on a number of Chinese app stores to steal user data.
- We've also highlighted the best antivirus to help keep you safe from the latest cyber threats