An Android malware campaign emerged on the Play Store, with the malware hidden inside a Smart TV Remote app. The malicious app even garnered a few downloads before it was discovered. Eventually, Google removed the app after numerous reports. Users with the app running on their devices must delete it immediately.
Malware Mimicking Smart TV Remote App
Recently, Kaspersky security researcher Tatyana Shishkova highlighted two malicious apps on Google Play Store. The apps, which posed as a Smart TV Remote app and a Halloween-themed app, embedded the infamous Joker malware. While the latter didn’t attract significant installs, the Smart TV Remote app shows 1000+ downloads.
#Joker Android Trojans on Google Play:
https://t.co/jxJWbe8AH0 Oct 29, 1,000+ installs
https://t.co/UmLssAqBF7 Nov 5, 1+ installs pic.twitter.com/wVLY4yI4Kz
— Tatyana Shishkova (@sh1shk0va) November 10, 2021
These two are not the only appearances of Joker malware. Shishkova later highlighted a few more apps hiding Joker.
#Joker Android Trojan on Google Play:
https://t.co/oK4UFzSPQ7 Nov 9, 10+ installs
Payload:
Step 1: https://banmama.oss-us-west-1.aliyuncs[.]com/easypdf
Step 2: https://banmama.oss-us-west-1.aliyuncs[.]com/belong pic.twitter.com/wPrKiYG8Rw
— Tatyana Shishkova (@sh1shk0va) November 11, 2021
#Joker Android Trojans on Google Play:
https://t.co/SR94u4iVXI Nov 4, 10+ installs
https://t.co/YIcWA6BKVB Nov 5, 1+ installs pic.twitter.com/nrbdSi0Vyh
— Tatyana Shishkova (@sh1shk0va) November 11, 2021
#Joker Android Trojan on Google Play:
https://t.co/kgzbO696go Nov 9, 10+ installs pic.twitter.com/FyBPETsRwA
— Tatyana Shishkova (@sh1shk0va) November 15, 2021
While all these apps have very few installs, it seems Joker malware is actively flooding Play Store these days.
According to the analysis shared by Bleeping Computer, the apps’ APKs included obfuscated payload files. These ‘XOR-encrypted’ files currently evade anti-malware detection. In addition, some users have also confirmed that the apps escape VirusTotal detection for now.
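For defenders triaging a suspicious APK, the following added example (not from the original article or from the researchers cited) flags archive entries whose first bytes decode to a DEX, ZIP or ELF signature under a short repeating XOR key. The article only says the payloads are "XOR-encrypted", so the short-key scheme is an assumption, and the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile

# File signatures a decoded second-stage payload would start with.
MAGICS = {"dex": b"dex\n03", "zip": b"PK\x03\x04", "elf": b"\x7fELF"}

def xor_key_for(header: bytes, magic: bytes):
    """Known-plaintext test: return the short repeating XOR key that maps
    `header` onto `magic`, or None. Key length is capped at half the magic
    so the remaining bytes act as verification and limit false positives."""
    if len(header) < len(magic):
        return None
    stream = bytes(h ^ m for h, m in zip(header, magic))
    for klen in range(1, len(magic) // 2 + 1):
        if all(stream[i] == stream[i % klen] for i in range(len(stream))):
            key = stream[:klen]
            return key if any(key) else None  # all-zero key = plain file
    return None

def scan_apk(apk_bytes: bytes):
    """Return [(entry, payload_type, key_hex)] for archive entries whose
    first bytes decode to a known signature under a short XOR key."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            with apk.open(info) as fh:
                header = fh.read(8)
            for kind, magic in MAGICS.items():
                key = xor_key_for(header, magic)
                if key:
                    hits.append((info.filename, kind, key.hex()))
    return hits

def build_sample_apk() -> bytes:
    """Constructed input: a tiny ZIP standing in for an APK (not a real sample)."""
    fake_dex = b"dex\n035\x00" + bytes(32)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", fake_dex)  # plain DEX header, not flagged
        z.writestr("assets/settings.dat", bytes(b ^ 0x5A for b in fake_dex))
        z.writestr("assets/readme.txt", b"just some text here")
    return buf.getvalue()

if __name__ == "__main__":
    for name, kind, key in scan_apk(build_sample_apk()):
        print(f"{name}: looks like XOR-obfuscated {kind}, key=0x{key}")
```

A hit is a lead for manual analysis, not a verdict: payloads protected with longer keys or other ciphers will not match this header test.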
Google Removed The App From The Play Store
Following these reports, Google quickly removed most of the highlighted apps from the Play Store. Bleeping Computer has also confirmed the same.
However, one recently reported app, “Volume booster Hearing Aid,” still exists on the Play Store at the time of writing this article. It currently shows 10+ installs only, with the latest version being 0.1.4.
While no one can detect malware in advance when it applies such evasive strategies, users can still protect themselves by staying vigilant about what they download.
As a rule of thumb, users must refrain from downloading apps from third-party app stores. When downloading apps from official stores like Google Play Store, users must stick to legitimate developers only. Quickly verifying the app developers and checking customer reviews can help in avoiding such issues.