Android Malware Campaigns SimBad Adware and Operation Sheep Reportedly Installed 250 Million Times
Researchers at Check Point reported two Android malware campaigns that have more than 250 million combined installs: SimBad and Operation Sheep. The two campaigns rely on malware embedded in their software development kits (SDKs). The researchers found SimBad (detected by Trend Micro as AndroidOS_SimBad.HRX),
[Trend Micro Research: Google Play Apps Drop Anubis Banking Malware, Use Motion-Based Evasion Tactics]
SimBad Adware can Expose Affected Devices to Other Threats
SimBad sports various capabilities that include removing its icon from the launcher. This is a known technique that makes it difficult for the user to uninstall or delete malicious Android apps. SimBad also displays ads in the
The researchers note that SimBad’s capability to open any given URL could expose users to phishing. SimBad’s authors can further capitalize on their malware by opening the app stores installed on the affected device to install additional apps. This tactic resembles another operation that Trend Micro uncovered in late January, involving various malicious apps that posed as beauty camera apps. Apart from constantly showing ads (and configuring which ads are displayed), the apps also redirected users to phishing pages.
[READ: Turning Your Data Against You: Cybercrime’s New Norm?]
Operation Sheep Can Steal Data Stored on External Storage
Operation Sheep stole information via a data-stealing functionality integrated
Operation Sheep, according to the researchers, is the first real-life campaign to exploit the Man-in-the-Disk flaw. SWAnalytics scans an affected device’s external storage for data of interest, such as QQ login information, as well as the device’s model and brand, installed applications, geolocation, and running processes. These kinds of information can then be monetized by selling them to advertisers and retailers that have referral programs — or even to cybercriminals or fraudsters.
SimBad and Operation Sheep reflect the trends in the current mobile threat landscape, where seemingly innocuous applications are used as springboards for ad fraud. In 2018, for instance, Trend Micro’s mobile app reputation service (MARS) identified 1,088 Android applications embedded with SDKs used in a massive ad fraud scheme that cost businesses at least US$75 million in losses. These
[READ: A Practical Guide to Mobile Safety]
The mobile platform’s ubiquity makes it a trove of data that cybercriminals can monetize. SDK providers that illicitly sell personal data, for instance, are expected to shift to using stealthier techniques like click fraud and overlay attacks. For users, this highlights the importance of adopting best practices for securing mobile devices: Beware of unsolicited messages, avoid connecting to
Trend Micro Solutions
End users and enterprises can also benefit from multilayered mobile security solutions such as Trend Micro™ Mobile Security for Android™ (available on Google Play), and Trend Micro™ Mobile Security for Apple devices. Trend Micro™ Mobile Security for Enterprise provides device, compliance and application management, data protection, and configuration provisioning, as well as protects devices from attacks that exploit vulnerabilities, preventing unauthorized access to apps as well as detecting and blocking malware and fraudulent websites.
Trend Micro’s Mobile App Reputation Service (MARS) covers Android and iOS threats using leading sandbox and machine learning technologies. It can protect users against malware, zero-day and known exploits, privacy leaks, and application vulnerabilities.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Ransomhub
- Unleashing Chaos: Real World Threats Hidden in the DevOps Minefield
- From Vulnerable to Resilient: Cutting Ransomware Risk with Proactive Attack Surface Management
- AI Assistants in the Future: Security Concerns and Risk Management
- Silent Sabotage: Weaponizing AI Models in Exposed Containers