Two massive mobile adware and data stealing campaigns that already have over 250m global downloads have been discovered by Check Point Research.
Both campaigns target smartphones running Android and exploit the mobile app development supply chain to infect devices and perform malicious actions.
The first campaign has been dubbed SimBad because most of the infected apps are simulator games and so far this mobile adware campaign already has 147m downloads across 210 infected apps on the Google Play Store.
SimBad makes smartphones almost unusable as it displays countless ads outside of the affected app with no visible way to uninstall it. To make matters worse, the malicious apps hide their icons to prevent them from being uninstalled and SimBad can also generate pages for multiple platforms and open them in a browser to perform spear-phishing attacks on users.
Check Point Research also discovered a group of Android applications that have been harvesting users’ contact information without their consent. The 12 different apps identified by the firm all use a data-scraping software development kit (SDK) and in total they have been downloaded 111m times.
The data stealing campaign has been dubbed ‘Operation Sheep’ and it is the first to exploit the Man-in-the-Disk vulnerability revealed by Check Point Research in 2018.
The SDK, called SWAnaytics, is integrated into seemingly innocent Android apps published on major Chinese app stores such as Tencent MyApp, Wandoujia, Huawei App Store and the Xiaomi App Store. After installation, SW Analytics silently uploads all of a user’s contact list to servers controlled by Hangzhou Shun Wang Technologies.
This means that the attackers behind the campaign could have theoretically collected the names and contact numbers of one-third of China’s entire population.
While Google was notified about SimBad and took action by removing the apps from the Play Store, Operation Sheep will likely be harder to stop because of how its creators used Android apps hosted on a number of Chinese app stores to steal user data.
Some billionaires, like Elon Musk and Bill Gates, buy private planes to take control of the open skies — others purchase yachts to access the open seas. There aren’t too many tech billionaires with yachts. Perhaps it’s because while private planes can be used for work-related trips and quick time-saving flights, yachts are generally relegated...
Federal prosecutors have opened a criminal investigation into data-sharing deals struck between Facebook and makers of mobile computing devices like smartphones and tabetls, reports the New York Times. Under the terms of those deals, which the Times reported about in June, Facebook allowed device makers including Apple, Amazon, and Microsoft to access personal user data,...