Joker Malware Disguised As ‘Color Message’ App Targeted 500K Android Users

Heads up, Android users! The seemingly popular Android app “Color Message” has been found with the infamous Joker malware. Users who had previously installed or used it should uninstall it immediately from their respective devices.

Joker Android Malware Posed As ‘Color Message’ App

Researchers from Pradeo have discovered that the Android application “Color Message” delivers the Joker malware.

Joker is an old but potent malware family that has targeted Android devices for quite a while. It keeps reappearing on app stores, including the official Google Play Store, impersonating different apps to trick users. Joker exhibits outstanding stealth capabilities to evade detection, which makes it a successful attack vector for the threat actors behind it.

As Pradeo’s recent post elaborated, Color Message appeared as a creative app for customizing the messaging app themes. It seemed harmless, but it installed Joker malware on target devices.

The app also hid itself to avoid detection: it removed its own icon immediately after installation. After that, the malware would steal money from users by subscribing them to unknown paid services. It would also steal the victim’s contact list.

Google Removed The App From The Play Store

Following the report, Google has removed the malicious Color Message app from the Play Store. Nonetheless, it had managed to garner over 500,000 downloads before its removal.

But the threat isn’t over yet for the users who have already downloaded this app. Such users should immediately delete the app from their devices and double-check the removal by looking for the package “com.guo.smscolor.amessage” via the Settings menu.
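The removal check described above can be scripted with `adb` so that the package name is matched exactly rather than eyeballed in the Settings list. The script below is an added example and is not part of the article or of Pradeo’s report; it assumes `adb` is installed and the device has USB debugging enabled for the live check, and it parses constructed sample output (standing in for `pm list packages`) so it also runs without a device.

```shell
#!/bin/sh
# Added example (not from the article or Pradeo): verify that the Joker-carrying
# package named in the report is no longer installed on an Android device.
# Assumes `adb` is available and the device is connected with USB debugging on.

JOKER_PKG="com.guo.smscolor.amessage"   # package name given in the article

# Return 0 if the package list on stdin (one "package:<name>" per line, the
# format `pm list packages` prints) contains the given package, 1 otherwise.
# -F matches the name literally (dots are not wildcards), -x requires a full-line match.
package_present() {
    grep -qxF "package:$1"
}

# Live check against a connected device (requires adb and a device).
check_device() {
    adb shell pm list packages | package_present "$JOKER_PKG"
}

# Constructed sample output, standing in for `adb shell pm list packages`.
SAMPLE_INFECTED="package:com.android.chrome
package:com.guo.smscolor.amessage
package:com.google.android.gms"

SAMPLE_CLEAN="package:com.android.chrome
package:com.google.android.gms"

# Offline check: 0 if the Joker package appears in the given sample, 1 otherwise.
check_sample() {
    printf '%s\n' "$1" | package_present "$JOKER_PKG"
}

if check_sample "$SAMPLE_INFECTED"; then
    echo "sample 1: $JOKER_PKG still present; remove with: adb shell pm uninstall --user 0 $JOKER_PKG"
fi
check_sample "$SAMPLE_CLEAN" || echo "sample 2: $JOKER_PKG not present"
```

On a real device, run `check_device` and, if it returns success, uninstall the package with `adb shell pm uninstall --user 0 com.guo.smscolor.amessage`; rerun `check_device` afterwards to confirm the removal. The exact-match flags matter because a hidden-icon app cannot be spotted in the launcher, so the package list is the reliable place to look.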

As for the future, the best way to avoid falling prey to such attacks is never to download apps from unknown developers. This remains true even for apps available on the Google Play Store. Instead, users should look for apps from legitimate and popular developers after thoroughly verifying that the developer really exists. Any name that resembles (but is not identical to) a legitimate brand name, or that is misspelled, should be treated as a warning sign.
