Roughly 200 Google Play apps, with over 150 million downloads, have been identified as duplicitous vehicles for malware, according to Gizmodo. Most of these apps are related to gaming and shooter games.
When Check Point notified Google of this information, “Google responded quickly,” reported Check Point R&D Group Manager, Jonathan Shmonovich.
Within the broader attack, two separate mobile data collection campaigns were identified.
In the first campaign -known as SimBad- the cyber criminals primarily took advantage of the ability to overlay ads, hijacking it to reflect their own materials. The crime group can also seemingly control the URLs of browsers, meaning that they can put up spear phishing sites targeting specific users. Check Point Researchers note that, due to the configuration of Simbad, it could potentially “evolve into a much larger threat.”
In the second campaign, titled Operation Sheep, malware harvests the phone numbers in users’ phones. It exploits the Man-in-the-Disk vulnerability that Check Point discovered last year.
Mobile phones are attractive targets to hackers due to the fact that they contain an enormous wealth of information. As a hacker, once you’re in someone’s phone, you can access phone numbers, email addresses, photos, videos and more.
“The data harvesting market is a wide one, and can be worth a lot of money,” says Aviran Hazum, Check Point Analysis and Response Team Leader.
To protect your phone, and your data, try to insure that the app you’re interested in downloading has a known developer, and has been downloaded at least 10,000 times.
Get the full story from Tech Crunch.