Just Android things: 150m phones, gadgets installed 'adware-ridden' mobe simulator games

Android adware found its way into as many as 150 million devices – after it was stashed inside a large number of those bizarre viral mundane job simulation games, we're told. The so-called Simbad malware was built into mobile gaming titles such as Real Tractor Farming Simulator, Heavy Mountain Bus Simulator 2018, and Snow …

  1. Blockchain commentard Silver badge

    Wow, simulators are that popular? Or is there a "t" missing after the "s"?

  2. Anonymous Coward

    Snow Heavy Excavator Simulator

    Not being the sort of person that downloads any old crap to the phone, what is it? Is it an excavator covered in snow? What does it simulate? Why do people install these things? Who knows?

    1. Anonymous Coward
      Trollface

      Re: Snow Heavy Excavator Simulator

      Don't laugh. 's no joke. Not even a Heavy Excavator Simulator of one.

      1. David 132 Silver badge
        Coat

        Re: Snow Heavy Excavator Simulator

        It was developed by Blizzard, and taps into the current craze for Drifting. There's been a flurry of interest in it. However, I've heard it's flakey and often freezes up, hence its frosty reception.

    2. Robert Helpmann?? Silver badge
      Childcatcher

      Re: Snow Heavy Excavator Simulator

      Having seen some of these games apps in action, I am not sure how to differentiate between them and malware. I started to say "other malware", but I guess that some individuals actually want these on their phones and download them willingly, unlike the add-ons described in the article. There's no arguing with taste.

  3. mark l 2 Silver badge

    Although I don't install many apps, I have rooted my phone and installed AFWall firewall. So I can block an app's ability to connect to the internet if needed and remove apps even if they are installed in the system directory.

    1. TonyJ Silver badge

      I don't wish to root my phone (and even if I did, it borks various apps so I wouldn't) but for anyone else in the same boat, I can recommend the NoRoot Firewall.

      Basically it installs as a VPN client and routes all traffic through itself, acting as a proxy, allowing you to turn off access to any app on a granular basis.

      And it's free.

      It also defaults to blocking (as it should, of course) so a new app needs to be allowed through.

      1. Charlie Clark Silver badge

        Magisk is pretty good at rooting only when necessary without borking too many apps.

        The problem with any kind of VPN solution is you can only run one of them at a time, but otherwise sounds good.

      2. RegW

        Hmm. Doesn't seem to be open source and available on F-Droid like AFWall. Of course that's not a worry for everybody.

  4. Anonymous Coward

    The Play Store is a cesspit

    "Google should also take another look at its malware scanning systems. While the Chocolate Factory claims that its AI-powered code checkers booted out 700,000 malicious apps in 2017, it's clear the ad giant is still asleep at the switch."

    I have yet to see Google's "Play Protect" flag any dodgy app.

    I have logcat logs showing apps taking screenshots of the device in the background as well as the usual full screen ads that play sound and post more ads to the notification screen and much more.

    Overlay attacks that trick users into downloading or sharing other apps by placing an X over the top of other buttons.

    Apps that attempt to root a device or attempt to run su, chown, chmod on an already rooted device.

    And each and every time I see these things on an Android phone Play Protect says everything is OK.

    The problem is that users then download some other so-called "security" app to try and remove the adware, and that just compounds the problems.

    The only time an app ever gets booted from the Play Store is when there is media attention.

    1. bean520

      Re: The Play Store is a cesspit

      The only thing I've seen get picked up by Play Protect is Lucky Patcher - an application that patches other apps to interfere with various ad/play store hooks.

      Makes it pretty damn clear the only thing they're protecting...

  5. Chris G Silver badge

    Asleep at the switch?

    But, but, we're making money out of those ads.

  6. Peter Ford

    Any suggestions how to check these

    My Android phone is pretty clean - there are very few apps on it and they're from fairly reliable publishers.

    My son's tablet PC, though, is a different matter.

    So, given the length of that list and the arcane naming of the apps, is there any obvious way to list the installed apps on the device and check it with that list? My eyeballs don't fancy an old-school eyeball grep today...

    1. Charlie Clark Silver badge

      Re: Any suggestions how to check these

      Not easily. You're best off installing some kind of checker, and Checkpoint's essentially just touting for business with this report, but basically, you're going to have to educate your son about the dangers of installing just any old shit; you know, a "don't go with strangers" talk. Note, it's not just games, anything that promises something for nothing is likely to be suspicious.

      BTW. 150 million sounds a lot but given the installed base, and the way the numbers were calculated, it's not that significant. Checkpoint has form in the area and regularly releases reports like this.

    2. Peter Ford

      Re: Any suggestions how to check these

      In answer to my own question, with my phone (developer mode enabled) connected to my Linux PC by USB, I can grab the list into a text file (bad-android-packages.txt) and then

      for PKG in $(adb -d shell pm list packages | tr -d '\r' | sed 's/^package://'); do grep -F -- "$PKG" bad-android-packages.txt; done

      which should spot any matches.

      So now all I need to do is get the tablet unlocked and developer-mode-enabled, and it should be easy...

      Certainly easier than watching over his shoulder every minute to spot him installing stuff he shouldn't, although I do try ...
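An added example, not part of the comment above or of the article: the same device audit written as reusable shell functions that match whole package names against a blocklist file. The function names and the sample package names in the usage comment are hypothetical; the blocklist format (one package name per line, `#` comments allowed) is an assumption.

```shell
#!/bin/sh
# Added example: exact-match audit of installed Android packages against a
# blocklist file (assumed format: one package name per line, '#' comments ok).

# normalize_pm: read `pm list packages` output on stdin, emit bare names.
# Strips the "package:" prefix and the CR that some adb shells append.
normalize_pm() {
    tr -d '\r' | sed -n 's/^package://p' | sort -u
}

# normalize_blocklist FILE: drop comments, blank lines, stray whitespace.
normalize_blocklist() {
    tr -d '\r' < "$1" |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
        sort -u
}

# match_blocklist FILE: pm output on stdin; prints installed packages that
# appear on the blocklist. Returns 0 if any matched, 1 if none.
match_blocklist() {
    bl=$(mktemp) || return 2
    normalize_blocklist "$1" > "$bl"
    # -F: fixed strings, so dots are not regex wildcards.
    # -x: whole-line match, so com.example.game does not match
    #     com.example.game.pro (hypothetical names).
    normalize_pm | grep -Fx -f "$bl"
    rc=$?
    rm -f "$bl"
    return $rc
}

# Real use, with the device attached and USB debugging enabled:
#   adb -d shell pm list packages | match_blocklist bad-android-packages.txt
# Adding -3 to `pm list packages` limits the audit to third-party apps.
```

The exit status makes the check scriptable: a zero status means at least one listed package is installed on the device.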

    3. TeeCee Gold badge

      Re: Any suggestions how to check these

      Addons Detector, a quick scan, export the results and search through for moody Library / SDK?

  7. adam payne Silver badge

    While the Chocolate Factory claims that its AI-powered code checkers booted out 700,000 malicious apps in 2017, it's clear the ad giant is still asleep at the switch.

    700,000 seems like an impressive number but how many have been missed?

  8. Colin Ritman

    Huge assumption

    that all the versions were built with the dodgy SDK.

    But then it's Checkpoint, so their reputation is laughably shite anyway, as they seem to be in the business of scaring punters, rather than security.

    1. henryd

      Re: Huge assumption

      What was that snide comment based on?

  9. Anonymous Coward

    poor analogy

    " it's clear the ad giant is still asleep at the switch. "

    More like they are awake, but watching the View on their cellphone.

    FTFY
