Google has removed 210 Android apps with a combined total of 150 million installs that allowed attackers to display ads, install apps, and open web sites once a device had been started.
All of these apps were utilizing a malicious software development kit called "RXDrioder" that allowed attackers to display advertisements and open URLs on a Android device when the device was booted or the user unlocks the screen. It is not known if the app developers knowingly utilized this malicious library or were tricked into doing so.
According to a report shared by Check Point with BleepingComputer, these malware apps are being dubbed 'SimBad' as the apps were mostly driving and racing simulator games such as Snow Heavy Excavator Simulator, Ambulance Rescue Driving, and Water Surfing Car Stunt. The apps had a combined total of over 150 million installs, with the app named "Snow Heavy Excavator Simulator" having over 10 million installs.