Security researchers from Check Point Research have uncovered a new strain of adware called SimBad that has infected about 206 apps in the Google Play Store.
Though the apps have been removed from the Play Store by Google, the apps are said to have collectively been installed over 150 million times by unsuspecting Android users.
According to the report (via ArsTechnica), once any of the apps was installed, it would bombard the user's phone with ads that would play in the background even if the app wasn't open at all.
Apart from the constant display of unsolicited ads in the background, the SimBad adware can also be remotely commanded to open a specific URL in the web browser. Since the adware can take users to any desired web page in the browser, the malware creators could just as easily generate phishing pages.
The adware can also hide an infected app's icon from the launcher so as to make it difficult for the phone user to uninstall the infected app(s).
Check Point researchers noted that the SimBad malware is part of the 'RXDrioder' SDK that is provided to developers as an add-on SDK for ad-related services.
"We believe the developers were scammed to use this malicious SDK, unaware of its content, leading to the fact that this campaign was not targeting a specific country or developed by the same developer," the security report said.
Check Point explained that the adware could also take users to Android app stores like the Google Play Store and 9Apps, where they are prompted to download even more malware-infected apps.
One of the infected apps (Snow Heavy Excavator Simulator) that have been removed from the Google Play Store had around 10 million downloads, while 13 other apps had 5 million installs each.
Though now considered adware, Check Point said that the SimBad malware "has the infrastructure to evolve into a much larger threat."