Google Removed Six Apps Containing Joker Malware From Play Store

Researchers discovered numerous malicious apps on the Play Store that contained Joker malware. Google removed the apps following this discovery.

Joker Malware Android Apps

Security researchers from Pradeo discovered Joker malware flooding the Play Store impersonating various apps.

As revealed through their post, they found six different Android apps that included malware.

Describing the malware, the researchers stated,

Joker is a malicious bot (categorized as Fleeceware) which main activity is to simulate clicks and intercept SMS to subscribe to unwanted paid premium services unbeknownst to users. By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect.

Though, this isn’t the first time that Joker appeared on the Play Store. Nonetheless, the reemergence shows the resilience of the malware to security measures.

This time, the six apps together boasted around 200.000 installs. It means these apps potentially preyed on thousands of users globally.

Given the apparent functionality of the apps and the subsequent number of installs, it seems the attackers behind this campaign attempted to target a wider scope of victims regardless of region, gender, or age group.

Four out of the six apps mimic utility applications, such as the privacy-oriented app lock, document scanners, and IM app.

Here is the list of these apps.

  • Safety AppLock
  • Convenient Scanner 2
  • Push Message-Texting&SMS
  • Emoji Wallpaper
  • Separate Doc Scanner
  • Fingertip GameBox

Google Removed The Apps

Following the discovery of the malicious apps, Google removed all six of them from the Play Store.

The threat is seemingly over (at least for this campaign) for new users. However, these apps might still be running on the users’ devices. Thus, the researchers urge all the users to review their apps and immediately remove if they see any of these six malicious apps running on their devices.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients