Joker malware sneaks on to Google Play Store, again

Read time 1min 20sec

Two Android apps on the Google Play Store, 'Smart TV remote' and 'Halloween Coloring', have been found hiding the notorious Joker malware. The apps have subsequently been banned by Google.

This was disclosed by Tatiana Shishkova, a malware analyst at Kaspersky.

The 'Smart TV remote' application was installed over 1 000 times since its release on 29 October.

Joker’s authors modus operandi is to hide the malware in seemingly legitimate apps they publish on official app stores.

In January 2020, Google removed up to 1 700 apps from its Play Store that were found to be hiding the malware. However, by the time they were removed, these apps had been downloaded millions of times.

Similarly, in August this year, eight apps were found to contain Joker, and earlier in April, it was revealed that more than half a million Huawei Android devices were infected with Joker.

Earlier versions of the malware that first reared their ugly head around 2017 were used to commit SMS fraud, while later versions of Joker aimed at billing fraud that involved the threat actors employing injected clicks, custom HTML parsers, and SMS receivers to automate billing processes without any intervention needed from the user.

Today, the malware subscribes users to premium mobile services without their consent or knowledge.

Anyone who has installed one of these applications is advised to immediately uninstall it, run a security scan of their smartphone and check for any unauthorised subscriptions or charges deducted from their accounts.

See also