[ March 14, 2019 ]
Check Point Research has uncovered two massive mobile adware and data stealing campaigns, which have already had a combined total of over 250 million downloads globally.
Both target mobiles using Android, and exploit the mobile app development supply chain to infect devices and perform malicious actions.
The first is SimBad, a mobile adware campaign that has already had 147 million downloads across 210 infected apps on the Google Play Store.
The other malware called ‘Operation Sheep’ harvests contact information without the user’s consent. Contained in 12 different apps all of which use a data-scraping SDK it has so far been downloaded 111 million times.
Both of these attacks rely on compromising the software supply chain. Attackers leverage trusted third party vendors to deliver malware to unsuspecting customers by inserting malware into third-party code.
Cyber Security Tips:
– Organizations need to understand what commercial and open source products they are using, and be aware of and prepared for potential attacks using legitimate software as a vector.