Researchers discovered numerous malicious apps on the Play Store that contained Joker malware. Google removed the apps following this discovery.
Joker Malware Android Apps
Security researchers from Pradeo discovered Joker malware flooding the Play Store impersonating various apps.
As revealed through their post, they found six different Android apps that included malware.
Describing the malware, the researchers stated,
Joker is a malicious bot (categorized as Fleeceware) which main activity is to simulate clicks and intercept SMS to subscribe to unwanted paid premium services unbeknownst to users. By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect.
Though, this isn’t the first time that Joker appeared on the Play Store. Nonetheless, the reemergence shows the resilience of the malware to security measures.
This time, the six apps together boasted around 200.000 installs. It means these apps potentially preyed on thousands of users globally.
Given the apparent functionality of the apps and the subsequent number of installs, it seems the attackers behind this campaign attempted to target a wider scope of victims regardless of region, gender, or age group.
Four out of the six apps mimic utility applications, such as the privacy-oriented app lock, document scanners, and IM app.
Here is the list of these apps.
- Safety AppLock
- Convenient Scanner 2
- Push Message-Texting&SMS
- Emoji Wallpaper
- Separate Doc Scanner
- Fingertip GameBox
Google Removed The Apps
Following the discovery of the malicious apps, Google removed all six of them from the Play Store.
The threat is seemingly over (at least for this campaign) for new users. However, these apps might still be running on the users’ devices. Thus, the researchers urge all the users to review their apps and immediately remove if they see any of these six malicious apps running on their devices.
Let us know your thoughts in the comments.
Latest posts by Abeerah Hashim (see all)
- Largest Hacking Campaign Since 2015 Targeted Magento Stores Via Unpatched Bug - September 16, 2020
- Ransomware Attack Targets Equinix Data Center Provider - September 16, 2020
- Raccoon Attack Aims At Breaking TLS Encryption – Though Attack Is ‘Rare’ - September 16, 2020