{
	"id": "5b11d7ec-ff90-4090-bccb-89248e4a8281",
	"created_at": "2026-04-06T03:36:05.839128Z",
	"updated_at": "2026-04-10T03:30:32.774989Z",
	"deleted_at": null,
	"sha1_hash": "31f12f7fb7914779eb5c9ff23a9d00e64d325619",
	"title": "SimBad: A Rogue Adware Campaign On Google Play",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 93750,
	"plain_text": "SimBad: A Rogue Adware Campaign On Google Play\r\nBy deugenio\r\nPublished: 2019-03-13 · Archived: 2026-04-06 03:09:24 UTC\r\nMarch 13, 2019\r\nResearch by: Elena Root and Andrey Polkovnichenko\r\nCheck Point researchers from the Mobile Threat Team have discovered a new adware campaign on the Google\r\nPlay Store. This particular strain of Adware was found in 206 applications, and the combined download count has\r\nreached almost 150 million. Google was swiftly notified and removed the infected applications from the Google\r\nPlay Store.\r\nInside the SDK\r\nThe malware resides within the ‘RXDrioder’ Software Development Kit (SDK), which is provided by\r\n‘addroider[.]com’ as an ad-related SDK. We believe the developers were scammed to use this malicious SDK,\r\nunaware of its content, leading to the fact that this campaign was not targeting a specific county or developed by\r\nthe same developer. The malware has been dubbed ‘SimBad’ due to the fact that a large portion of the infected\r\napplications are simulator games.\r\nThe Infection Chain\r\nOnce the user downloads and installs one of the infected applications, ‘SimBad’ registers itself to the\r\n‘BOOT_COMPLETE’ and ‘USER_PRESENT’ intents, which lets ‘SimBad’ to perform actions after the device\r\nhas finished booting and while the user is using his device respectively.\r\nAfter installation, the malware connects to the designated Command and Control (C\u0026C) server, and receives a\r\ncommand to perform. ‘SimBad’ comes with a respected list of capabilities on the user’s device, such as removing\r\nthe icon from the launcher, thus making it harder for the user to uninstall, start to display background ads and open\r\na browser with a given URL.\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 1 of 14\n\nFig 1: A list of the possible commands from the C\u0026C server\r\nFig 2: Code that hides the application’s Icon to make it harder to remove\r\nFig 3: The code that starts the background ads\r\nWhat Does SimBad Do?\r\n‘SimBad’ has capabilities that can be divided into three groups – Show Ads, Phishing, and Exposure to other\r\napplications. With the capability to open a given URL in a browser, the actor behind ‘SimBad’ can generate\r\nphishing pages for multiple platforms and open them in a browser, thus performing spear-phishing attacks on the\r\nuser.\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 2 of 14\n\nWith the capability to open market applications, such as Google Play and 9Apps, with a specific keyword search\r\nor even a single application’s page, the actor can gain exposure for other threat actors and increase his profits. The\r\nactor can even take his malicious activities to the next level by installing a remote application from a designated\r\nserver, thus allowing him to install new malware once it is required.\r\nFig 4: An illustration of the attack vector\r\nThe C\u0026C Server\r\nThe C\u0026C server observed in this campaign is ‘www[.]addroider.com’. This server runs an instance of ‘Parse\r\nServer’ (source on GitHub), an open source version of the Parse Backend infrastructure, which is a model for\r\nproviding web app and mobile app developers with a way to link their applications to backend cloud storage and\r\nAPIs exposed by back-end applications, while also providing features such as user management, push\r\nnotifications and more.\r\nThe domain ‘addroider[.]com’ was registered via GoDaddy, and uses privacy protection service. While accessing\r\nthe domain from a browser you get a login page very similar to other malware panels. The ‘Register’ and ‘Sign\r\nUp’ links are broken and ‘redirects’ the user back to the login page.\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 3 of 14\n\nFig 5: The login page of the domain\r\nFig 6: The WhoIS information on RiskIQ’s PassiveTotal\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 4 of 14\n\nAccording to RiskIQ’s PassiveTotal, the domain expired 7 months ago. As a result, it may be that are looking into\r\na compromised, parked domain that was initially used legitimately, but is now participating in malicious activities.\r\nOur Take\r\nWith the capabilities of showing out-of-scope ads, exposing the user to other applications, and opening a URL in a\r\nbrowser, ‘SimBad’ acts now as an Adware, but already has the infrastructure to evolve into a much larger threat.\r\nAppendix 1 – List of Infected Applications:\r\nPackage Name App Name # Installs\r\ncom.heavy.excavator.simulator.driveandtransport\r\nSnow Heavy Excavator\r\nSimulator\r\n10,000,000\r\ncom.hoverboard.racing.speed.simulator Hoverboard Racing 5,000,000\r\ncom.zg.real.tractor.farming.simulator.game Real Tractor Farming Simulator 5,000,000\r\ncom.ambulancerescue.driving.simulator Ambulance Rescue Driving 5,000,000\r\ncom.heavymountain.bus2018simulator\r\nHeavy Mountain Bus Simulator\r\n2018\r\n5,000,000\r\ncom.firetruckemergency.driver Fire Truck Emergency Driver 5,000,000\r\ncom.farming.tractor.realharvest.simulator\r\nFarming Tractor Real Harvest\r\nSimulator\r\n5,000,000\r\ncom.carparking.challenge.parksimulator Car Parking Challenge 5,000,000\r\ncom.speedboat.jetski.racing.simulator Speed Boat Jet Ski Racing 5,000,000\r\ncom.watersurfing.carstunt.racing.simulator Water Surfing Car Stunt 5,000,000\r\ncom.offroad.woodtransport.truckdriver\r\nOffroad Wood Transport Truck\r\nDriver 2018\r\n5,000,000\r\ncom.volumen.booster.equalizer Volumen booster \u0026 Equalizer 5,000,000\r\ncom.ks.prado.Car.parking.race.drive.apps Prado Parking Adventure 5,000,000\r\ncom.zg.offroad.Oil.tanker.transporter.truck.cargo.simulator\r\nOil Tanker Transport Truck\r\nDriver\r\n5,000,000\r\ncom.monstertruck.demolition Monster Truck Demolition 1,000,000\r\ncom.hummerlimotaxi.simulator.driving Hummer taxi limo simulator 1,000,000\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 5 of 14\n\ncom.excavator.wreckingball.demolition.simulator\r\nExcavator Wrecking Ball\r\nDemolition Simulator\r\n1,000,000\r\ncom.offroad.gold.transport.truck\r\nOffroad Gold Transport Truck\r\nDriver 2018\r\n1,000,000\r\ncom.sea.animals.trucktransport.simulator\r\nSea Animals Truck Transport\r\nSimulator\r\n1,000,000\r\ncom.water.surfingrace.motorbike.stunt Water Surfing Motorbike Stunt 1,000,000\r\ncom.policechase.thiefpersecution Police Chase 1,000,000\r\ncom.police.plane.transporter.game Police Plane Transporter 1,000,000\r\ncom.ambulance.driver.extreme.rescue.simulator\r\nAmbulance Driver Extreme\r\nRescue\r\n1,000,000\r\ncom.hovercraftracer.speedracing.boat Hovercraft Racer 1,000,000\r\ncom.cars.transport.truckdriver.simulator\r\nCars Transport Truck Driver\r\n2018\r\n1,000,000\r\ncom.motorbike.pizza.delivery.drivesimulator Motorbike Pizza Delivery 1,000,000\r\ncom.heavy.excavator.stonecutter.simulator\r\nHeavy Excavator – Stone Cutter\r\nSimulator\r\n1,000,000\r\ncom.bottle.shoot.archery.game Bottle shoot archery 1,000,000\r\ncom.offroadbuggy.car.racingsimulator Offroad buggy car racing 1,000,000\r\ncom.garbagetruck.city.trash.cleaningsimulator\r\nGarbage Truck – City trash\r\ncleaning simulator\r\n1,000,000\r\ncom.tanks.attack.simulator.war.attack Tanks Attack 1,000,000\r\ncom.dinosaurpark.trainrescue Dinosaur Park – Train Rescue 1,000,000\r\ncom.pirateshipboat.racing3d.simulator Pirate Ship Boat Racing 3D 1,000,000\r\ncom.flyingtaxi.simulator.race Flying taxi simulator 1,000,000\r\ncom.jetpackinwater.racersimualtor.danger Jetpack Water 1,000,000\r\ncom.boostervolumen.amplifiersoundandvolumen Volumen Booster 1,000,000\r\ncom.farmgames.animal.farming.simulator Animal Farming Simulator 1,000,000\r\ncom.monstertruck.racing.competition.simulator Monster Truck 1,000,000\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 6 of 14\n\ncom.simulator.offroadjeep.car.racing Offroad jeep car racing 1,000,000\r\ncom.simulator.flyingcar.stunt.extremetracks.racing\r\nFlying Car Stunts On Extreme\r\nTracks\r\n1,000,000\r\ncom.simulator.tractorfarming.driving Tractor Farming 2018 1,000,000\r\ncom.impossible.farming.transport.simulator\r\nImpossible Farming Transport\r\nSimulator\r\n1,000,000\r\ncom.volumenbooster.equalizerboost Volumen Booster 1,000,000\r\ncom.mustang.rally.championship.racingsimulator Mustang Rally Championship 1,000,000\r\ncom.deleted.photo.recovery Deleted Photo Recovery 1,000,000\r\ncom.race.boat.speedy Speed Boat Racing 1,000,000\r\ncom.cycle.bike.racing.game Super Cycle Jungle Rider 1,000,000\r\ncom.write.name.live.wallpaper.hd My name on Live Wallpaper 1,000,000\r\ncom.maginal.unicorn.game Magical Unicorn Dash 1,000,000\r\ncom.grafton.cycle.jungle.rider.race Super Cycle Jungle Rider 1,000,000\r\ncom.lovecallingapps.lovecaller.Screen Love Caller Screen 1,000,000\r\ncom.city.car.funny.racing.stunt.game.pro\r\nRacing Car Stunts On\r\nImpossible Tracks\r\n1,000,000\r\ncom.citycar.funny.racinggame.stunt.simulator\r\nRacing Car Stunts On\r\nImpossible Tracks 2\r\n1,000,000\r\ncom.urban.Limo.taxi.simulation.games Urban Limo Taxi Simulator 1,000,000\r\ncom.cg.heavy.tractor.simulator.game Tractor Farming Simulator 1,000,000\r\ncom.campervan.drivingsimulator.caravan Camper Van Driving 1,000,000\r\ncom.bootleshoot.sniper Bottle Shoot Sniper 3D 1,000,000\r\ncom.globalcoporation.fullscreenincomingcaller.app Full Screen Incoming Call 1,000,000\r\ncom.mustache.beard.editor\r\nBeard mustache hairstyle\r\nchanger Editor\r\n1,000,000\r\ncom.volumenbooster.increaservolumen Volumen Booster 1,000,000\r\ncom.photoeditor.girlfriend.addgirlstophoto.pic girlfriend photo editor 1,000,000\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 7 of 14\n\ncom.tracker.location.number.free.spy\r\nMobile Number Tracker \u0026\r\nLocator\r\n1,000,000\r\ncom.garden.editor.app Garden Photo Editor 1,000,000\r\ncom.fortunewheel.game Fortune Wheel 1,000,000\r\ncom.farming.transport.tractor.simulator\r\nFarming Transport Simulator\r\n2018\r\n1,000,000\r\ncom.offroad.tractor.transport.drivingsimulator OffRoad Tractor Transport 1,000,000\r\ncom.customwallpaper.mynameonlivewallpaper my name on live wallpaper 1,000,000\r\ncom.flying.ambulance.emergency.rescue.simulator\r\nFlying Ambulance Emergency\r\nRescue\r\n500,000\r\ncom.mustang.driving.car.race Mustang Driving Car Race 500,000\r\ncom.waterpark.carracing.simulator Waterpark Car Racing 500,000\r\ncom.impossibletrucks.extremetrucks.simulator\r\nImpossible Tracks – Extreme\r\nTrucks\r\n500,000\r\ncom.extreme.flying.motorbike.stuntsimulator Flying Motorbike Stunts 500,000\r\ncom.emergency.firetruck.rescue.drivingsimulator\r\nFire Truck Emergency Rescue –\r\nDriving Simulator\r\n500,000\r\ncom.snowplow.simulator.heavysnow.excavator\r\nHeavy Snow Excavator\r\nSnowplow Simulator\r\n500,000\r\ncom.waterskiing.simulator.games Water Skiing 500,000\r\ncom.photomaker.editor.women.makeupandhairstyle\r\nWomen Make Up and Hairstyle\r\nPhoto Maker\r\n500,000\r\ncom.fortune.mountain Mountain Bus Simulator 500,000\r\ncom.vanpizza.truckdelivery.simulator Van Pizza 500,000\r\ncom.truck.simulator.transportandparking\r\nTruck Transport and Parking\r\nSimulator\r\n500,000\r\ncom.hoverboard.racing.spider.attacksimulator\r\nHoverboard Racing Spider\r\nAttack\r\n500,000\r\ncom.moto.sport.championship.racingsimulator Motorsport Race Championship 500,000\r\ncom.demolitionderby.simulator Demolition Derby 500,000\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 8 of 14\n\ncom.lovecaller.free.loveringtones Love Caller with love ringtones 500,000\r\ncom.house.transport.truck.movingvan.simulator\r\nHouse Transport Truck –\r\nMoving Van Simulator\r\n500,000\r\ncom.heavy.excavator.simulator.stonedriller\r\nHeavy Excavator Stone Driller\r\nSimulator\r\n500,000\r\ncom.cycle.downhill.game Super Cycle Downhill Rider 500,000\r\ncom.extreme.rallychampionship.race Extreme Rally Championship 500,000\r\ncom.missileattack.army.truck Missile Attack Army Truck 500,000\r\ncom.mobile.caller.location.tracker.freecall\r\nCaller Location \u0026 Mobile\r\nLocation Tracker\r\n500,000\r\ncom.mobilenumberlocator.tracker Mobile number locator 500,000\r\ncom.mynameonlivewallpaper.animated.hd My name on Live Wallpaper 500,000\r\ncom.spk.coach.offroad.School.bus.mountain.free\r\nCity Metro Bus Pk Driver\r\nSimulator 2017\r\n500,000\r\ncom.fullscreen.incomingcaller.app Full Screen Incoming Call 500,000\r\ncom.allsuit.man.casualshirt.photo.editor Man Casual Shirt Photo Suit 500,000\r\ncom.americanmuscle.car.race American muscle car race 500,000\r\ncom.offroad.nuclearwastetransport.truckdriver\r\nOffroad Nuclear Waste\r\nTransport – Truck Driver\r\n500,000\r\ncom.madcars.fury.racing.driving.simulator Mad Cars Fury Racing 100,000\r\ncom.high.wheeler.speed.race.championship High Wheeler Speed Race 100,000\r\ncom.colorbynumber.number.coloring.paint.game Number Coloring 100,000\r\ncom.campervan.race.driving.simulator.game\r\nCamper Van Race Driving\r\nSimulator 2018\r\n100,000\r\ncom.unicornfloat.speedrace.simulator Unicorn Float – Speed Race 100,000\r\ncom.dualscreenbrowser Dual Screen Browser 100,000\r\ncom.harvest.timber.simulatorandtransport Harvest Timber Simulator 100,000\r\ncom.racingsimulator.hot.micro.racers Hot Micro Racers 100,000\r\ncom.lara.unicorn.dash.magical.raider.race Lara Unicorn Dash 100,000\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 9 of 14\n\ncom.wingsuit.simulator.extreme Wingsuit Simulator 100,000\r\ncom.foodtruck.driving.simulator Food Truck Driving Simulator 100,000\r\ncom.dograce.competition Dog Race Simulator 100,000\r\ncom.suvcar.parking.simulator.game SUV car – parking simulator 100,000\r\ncom.clap.phonefinder.locator Phone Finder 100,000\r\ncom.phonenumerlocator.findphonenumbers Phone number locator 100,000\r\ncom.whatsapplock.gallerylock.ninexsoftech.lock Gallery Lock 100,000\r\ncom.secret.screenrecorder.screenshotrecord Secret screen recorder 100,000\r\ncom.facebeauty.makeup Face Beauty Makeup 100,000\r\ncom.write.your.christmas.letter.santa.threewisemen\r\nChristmas letters to santa and\r\nthree wise man\r\n100,000\r\ncom.deletedfiles.photo.audio.video.recovery Deleted Files recovery 100,000\r\ncom.screndualbrowserdouble.app.android Dual Screen Browser 100,000\r\ncom.crack.mobile.screen.prank\r\nBroken Screen – Cracked\r\nScreen\r\n100,000\r\nphotoeditor.Garden.photoframe Garden Photo Editor 100,000\r\ncom.modiphotoframe.editor Modi Photo Frame 2 100,000\r\ncom.callerscreen.lovecaller Love Caller Screen 100,000\r\ncom.antitheftalarm.fullbatteryalarm.sound Anti Theft \u0026 Full Battery Alarm 100,000\r\ncom.lovecaller.screen.custom Love Caller Screen 2 100,000\r\ncom.sms.message.voice.reading\r\nVoice reading for SMS.\r\nWhatsapp \u0026 text sms\r\n100,000\r\ncom.photo.text.editor.nameonpic Name on Pic-Name art 100,000\r\ncom.mtsfreegames.Speedboatracing Speed Boat Racing 100,000\r\ncom.simulator.traindriving Train Driving Simulator 100,000\r\ncom.grafton.Cycle.jungle.rider Super Cycle Rider 100,000\r\ncom.gl.racinghorse.competition Racing Horse Championship 3D 100,000\r\nmoveapptosd.tosdcard.freeapp Move App To SD Card 2016 100,000\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 10 of 14\n\ncom.avatarmaker.poptoy.creator Pop Toy Creator 100,000\r\ncom.myphoto.live.wallpaper.editor Photo Live Wallpaper 50,000\r\ncom.messenger2.play.game.Unicorndashk Magical Unicorn Dash 50,000\r\ncom.truck.wheelofdeath Truck Wheel of Death 50,000\r\ncom.livetranslator.translateinlive Live Translator 50,000\r\ncom.volumecontrol.widget.volumebooster Volume Control Widget 50,000\r\ncom.worldcup2018football.shirt.maker.photoeditor\r\nWorld cup 2018 football shirt\r\nmaker\r\n50,000\r\ncom.girlfriendphotoeditor.girlsinyourphoto Girlfriend Photo Editor 2 50,000\r\ncom.myphoto.on.musicplayer.free My Photo on Music Player 50,000\r\ncom.taxidriving.simulatorgame.race taxi 50,000\r\ncom.garden.photoeditor.photoframe Garden Photo Editor 50,000\r\ncom.fortunewheel.deluxe Fortune Wheel Deluxe 50,000\r\ncom.motorcycle.extremeracing.simulator Extreme Motorcycle Racer 50,000\r\ncom.offroad.snow.bike.christmas.racing\r\nOffroad Snow Bike – Christmas\r\nRacing\r\n50,000\r\ncom.Droidhermes.bottleninja Bottle Shoot 50,000\r\ncom.Hadiikhiya.photochangebackground\r\nPhoto Background Changer\r\n2017\r\n50,000\r\ncom.offroad.christmas.treetransport.truck.driversimulator\r\nOffroad Christmas Tree\r\nTransport\r\n50,000\r\ncom.tank.transport.armytruck.simulator Tank Transport Army Truck 50,000\r\ncom.flagteams.facepaint.editor.world2018cup Flag face paint: World Cup 2018 10,000\r\ncom.russianworld2018cup.livewallpaper.flagsteam\r\nWorld Cup 2018 Teams Flags\r\nLive Wallpaper\r\n10,000\r\ncom.editor.selfie.camera.photo Selfie Camera 10,000\r\ncom.desirepk.Offroad.transport.simulator.apps Missile Attack Army Truck 10,000\r\nmassimo.Vidlan.maxplayer Max Player 10,000\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 11 of 14\n\ncom.flashalerts.callandsms Flash Alert – Flash on Call 10,000\r\ncom.photovideo.maker.withmusic Photo Video Maker with Music 10,000\r\ncom.braingames.iqtest.skills Brain Games \u0026 IQ Test 10,000\r\ncom.mix.audio.and.video Audio Video Mixer 10,000\r\ncom.poptoy.creator.edityourpoptoy Pop Toy Creator 2 10,000\r\ncom.flashalert.callandsms Flash on Call and SMS 10,000\r\ncom.photoframe.of.heart Heart Photo Frames 10,000\r\ncom.shayari.hindi.status.photo.text Shayari 2017 10,000\r\ncom.happy.photo.birthday.cake Photo on Birthday Cake 10,000\r\ncom.photoeditor.nature.photoframes Nature Photo Frames 10,000\r\ncom.photoframe.calendar2018editor Calendar 2018 Photo Frame 10,000\r\ncom.christmas.truck.transportsimulator.game\r\nChristmas Truck Transport\r\nSimulator\r\n10,000\r\ncom.christmas.vandrive.modern.santa\r\nModern Santa – Christmas van\r\ndrive\r\n10,000\r\ncom.anbrothers.voicechanger.app Change your voice 10,000\r\ncom.monsters.vs.water.duel Moster vs Water 10,000\r\ncom.flowers.editor.photo.frame EDIT Flowers Photo Frames 10,000\r\nvideoeditor.musicvideo.Phototovideomaker.videoeditor Photo Video Maker with Music 10,000\r\ncom.racing.games.toiletpaper.race Toilet Paper Race 10,000\r\ncom.Zv.puppiesdog.racegame Dog Crazy Race Simulator 10,000\r\ncom.luxury.photo.frame.photo.editor Luxury Photo Frame 10,000\r\ncom.bike.wheelofdeath Bike Wheel of Death 10,000\r\ncom.qbesoft.worldfamousphotoframes.app World Famous Photo Frames 10,000\r\ncom.heavysnowexcavator.christmas.rescue\r\nHeavy Snow Excavator\r\nChristmas Rescue\r\n10,000\r\ncom.syor.deleted.photo.recovery.video.restore Deleted Files Recovery 10,000\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 12 of 14\n\ncom.footballanalyzer.resultsandstats\r\nFootball Results \u0026 Stats\r\nAnalyzer\r\n5,000\r\ncom.photoframe.cube3d.live.wallpaper.hd\r\n3D Photo Frame Cube Live\r\nWallpaper\r\n5,000\r\ncom.photoframe.geenhill Green Hill PhotoFrame 5,000\r\ncom.christmas.magnetic.magicboard.drawandwrite Christmas Magic Board 5,000\r\ncom.animalspart.photo.editor Animal Parts Photo Editor 5,000\r\ncom.camera.blur.photoeffects DSLR Camera Blur 5,000\r\ncom.quick.photo.frame.carphotoframe Car Photo Frame 5,000\r\ncom.game.handsslap.manitascalientes.redhands Hands Slap Game 5,000\r\ncom.maa.durga.live.wallpaper 4D Maa Durga Live Wallpaper 5,000\r\ncom.photomontage.men.sweatshirt.editor Men Sweatshirt Photo Editor 1,000\r\ncom.wordsgame.connectletters Connect Letters. Words Game 1,000\r\nlanas.recover.deleted.pictures.photos Recover Deleted Pictures 1,000\r\ncom.customized.radio.alarm.clock Custom Radio Alarm Clock 1,000\r\ncom.antispamcalls.blockspamcaller Anti-spam Calls 1,000\r\ncom.compatibilitytest.friends.couples Compatibility Test 1,000\r\ncom.dualscreen.android.app.double Dual Screen Browser 1,000\r\ncom.magic.glow.livewallpaper.animatedwallpaper Magic Glow Live Wallpaper 1,000\r\ncom.game.virtualpet.porgy Porgy Virtual Pet 1,000\r\ncom.explosiongame.taptheball Tap the Ball 1,000\r\ncom.analog.digital.clock.live.wallpaper Clock Live Wallpaper 1,000\r\ncom.royalestas.information Royale Stats 1,000\r\ncom.editor.firetext.photo.frame Fire text photo frame 1,000\r\neditor.card.greetings.christmas.com.christmasgreetingscard Christmas greetings card 1,000\r\ncom.bestappsco.bestapplock.free Best App Lock 1,000\r\ncom.DJ.photoframe.editor DJ Photo Frames 1,000\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 13 of 14\n\ncom.autocall.redial.automatic.recall Auto Call redial 500\r\ncom.picquiz.guess.picture.game Guess the picture 500\r\ncom.professionalrecorder.audio.call.record ProfesionalRecorder 500\r\nBLOGS AND PUBLICATIONS\r\nCheck Point Research Publications\r\nGlobal Cyber Attack Reports\r\nThreat Research\r\nFebruary 17, 2020\r\n“The Turkish Rat” Evolved Adwind in a Massive Ongoing Phishing Campaign\r\nWe value your privacy!\r\nBFSI uses cookies on this site. We use cookies to enable faster and easier experience for you. By continuing to\r\nvisit this website you agree to our use of cookies.\r\nACCEPT\r\nREJECT\r\nSource: https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nhttps://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/\r\nPage 14 of 14",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/"
	],
	"report_names": [
		"simbad-a-rogue-adware-campaign-on-google-play"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775446565,
	"ts_updated_at": 1775791832,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/31f12f7fb7914779eb5c9ff23a9d00e64d325619.pdf",
		"text": "https://archive.orkl.eu/31f12f7fb7914779eb5c9ff23a9d00e64d325619.txt",
		"img": "https://archive.orkl.eu/31f12f7fb7914779eb5c9ff23a9d00e64d325619.jpg"
	}
}