'SimBad' Android adware was downloaded nearly 150 million times

Google pulled 210 apps carrying 'SimBad,' many of them games.

Sponsored Links

Omar Marques/SOPA Images/LightRocket via Getty Images
Omar Marques/SOPA Images/LightRocket via Getty Images

As much as Google has done to keep malware out of the Play Store, some notable examples still get through. Google has pulled 210 apps from the store after Check Point researchers discovered that they were infected with the same strain of adware. Nicknamed "SimBad" based on the abundance of infected simulator games, the code hid in a bogus ad-serving platform and created a back door that could install rogue apps, direct users to scam websites and show other apps in stores. Check Point believes the apps' developers were tricked into using the platform.

Unfortunately, these weren't just specialty apps with few users. The apps had nearly 150 million downloads, and dozens of them have over 1 million downloads -- the largest (Snow Heavy Excavator Simulator) had over 10 million. The oldest apps were available since March 2017.

We've asked Google for comment. SimBad may have been difficult to stop compared to some malware, since it was piggybacking on otherwise legitimate apps and was focused on serving ads as opposed to stealing data. Even so, this illustrates a familiar problem with the Play Store: Google's current scanning techniques can still miss rogue apps like this, and customers can't always tell that an app is suspicious just by looking at it.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget