More Apps containing Joker malware all over the Play Store

SLIIT CS2
Sep 9, 2020

A fish with his mouth closed never gets caught. -The Joker-

Cyber-security researchers discovered six apps on the Google Play Store with a total of over 200,000 downloads in another example of the highly persistent malware that has plagued Android users over the past three years.

The Joker malware poses as a legitimate app on the Play Store, but once installed it commits billing fraud, either by sending SMS messages to a premium-rate number or by using the victim’s account to make frequent purchases through WAP billing, which also fills the pockets of the Joker operators.

The activity takes place behind the scenes and without the need for any user intervention, which means that victims often won’t discover they have been scammed until they receive a phone bill full of extra charges.

Google has removed more than 1,700 apps containing Joker malware from the Play Store since 2017, but the malware has continued to re-emerge, and now researchers at cyber-security firm Pradeo have identified six new malicious apps.

Of the six apps identified as Joker, an app called “Convenient Scanner 2” was downloaded more than 100,000 times, while “Separate Doc Scanner” was downloaded by 50,000 users.

Another app, “Safety App Lock,” claims to “protect your privacy” and has been installed 10,000 times by unsuspecting victims who will eventually discover that the malicious download is harming them rather than protecting them. Two other apps also received 10,000 downloads each: “Push Message-Texting & SMS” and “Emoji Wallpaper”, while one app called “Fingertip GameBox” has been downloaded 1,000 times.

All six apps have now been removed from the Play Store after Pradeo disclosed them to Google. ZDNet tried to contact Google for comment; no response was received at the time of publication.

Users whose Android smartphones have any of these apps installed are urged to uninstall them immediately.

The six apps are the latest in a long list of malicious downloads that the group behind Joker, also known as Bread, has attempted to infiltrate the Play Store.

In many cases, malicious apps have managed to bypass the Play Store’s defenses by being submitted as clean apps to begin with, only to have malicious functions added at a later date.

“These apps are riddled with permission requests and submitted to Google Play by their developers. They get approved, published and installed by users. Once running on users’ devices, they automatically download malicious code,”

“Then, they leverage their numerous permissions to execute the malicious code. Security checks of these apps’ source code as it is published on the store do not detect the malware, because it’s not there yet,” Pradeo’s Roxane Suau told ZDNet.
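Because code downloaded after install can only use permissions the app declared when it was published, the permission list is still available for review even when the payload is not. The sketch below is an added example, not code from Pradeo or the original article: it triages a decoded AndroidManifest.xml for SMS permissions the app's stated purpose does not need and for an unusually long permission list. The sample manifest, package name and threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that open the SMS channel used for the premium-rate fraud described above.
SMS_PERMISSIONS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
}
# Assumed triage threshold, not a value from the article; tune per app category.
MAX_EXPECTED_PERMISSIONS = 5

# Constructed sample: decoded manifest of a hypothetical document-scanner app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.docscanner">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
</manifest>"""


def declared_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names


def triage(manifest_xml, app_needs_sms=False):
    """Return (finding, detail) pairs that warrant a closer manual review."""
    perms = declared_permissions(manifest_xml)
    findings = []
    sms = sorted(perms & SMS_PERMISSIONS)
    if sms and not app_needs_sms:
        # A scanner or wallpaper app has no stated reason to send or read SMS.
        findings.append(("sms-not-justified", sms))
    if len(perms) > MAX_EXPECTED_PERMISSIONS:
        findings.append(("permission-count", len(perms)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_MANIFEST):
        print(finding)
```

A finding here is a reason to look closer, not proof of malware; legitimate messaging apps declare the same SMS permissions, which is what the `app_needs_sms` flag is for.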

The Joker authors attempt to encourage downloads of the malware by posting fake positive reviews, although many of the apps identified by Pradeo also have a lot of negative reviews from users who have been victims of the malware, something that users should consider when downloading applications.

It is very likely that the individual or group behind the Joker is still active and is trying to trick more users into downloading malware to continue the scam.

Written by Dilmi Shasmitha - 3rd Year 2nd Semester - Cyber Security Student, SLIIT
