Check Point thought that the makers deceived app developers into using the malicious SDK.
Other popular simulator apps affected by the bad SDK with at least five million installs included Hoverboard Racing, Real Tractor Farming Simulator, Ambulance Rescure, Heavy Mountain Bus Simulator 2018, Fire Truck Emergency Driver, Farming Tractor Real Harvest Simulator, Car Parking Challenge, Speed Boat Jet Ski, Water Surfing Car Stunt, Offroad Wood Transport Truck Driver 2018, Volumen booster & Equalizer, Prado Parking Adventure, and Oil Tanker Transport Truck Driver.
For its tests, AV Comparatives ran 2,000 of the most common Android malware samples from previous year through the 250 anti-virus products, checking their detection and false-positive rates. The adware carrying app campaign once again highlights the need for Android users to peruse the reviews accompanying an application prior to downloading one.
Some apps failed a very basic test. AV Comparatives ran more than 100 legitimate apps through the scanners in an effort to gauge the false positive rate.
The reason why the "Unknown Sources" option needs to be enabled is because APK updates are manually downloaded from Google's APK website and they don't get released via OTA (over the air) channels as regular updates do. They automated the device, directing it to download and install known malware apps from the browser.
Most of the tested apps had a review score of four or higher on Google Play's five-star scale, making it hard for users to derive any meaningful, impartial information about an app's efficacy, AV Comparatives reports.
The report noted that only 23 Android apps were able to detect all the 100 percent malware samples.
There can be risks in using whitelists.
An investigation by cybersecurity firm AV-Comparatives found many offerings don't work as intended, some don't even try to work as intended, and some are there just for the opposite effect - to bombard the user with ads and malvertising.
Some apps would even block themselves, in instances when the devs would forget to whitelist themselves.
Google points out that this new policy only applies to the Play Store when viewed on Android, your desktop browser, or on Chrome OS. AV Comparatives says it expects the company to remove more. This tactic is common amongst Android malware, and this one is not an exception. In those days, researchers often found malware purporting to be anti-virus applications. A few more were over 99 percent effective.