Cyber security researchers have revealed six applications on the Google Play store with a combined total of over 200,000 downloads in yet another example of the highly persistent malware that has been plaguing Android users for the past three years.
The Joker malware pretends to be a legitimate app in the Play Store but after installation conducts billing fraud by either sending SMS messages to a premium rate number or using the victim’s account to repeatedly make purchases using WAP billing, which also lines the pockets of Joker’s operators.
The activity occurs behind the scenes and without the input and knowledge of the user. This simply means that until the user receives a phone billing full of additional charges, they won’t know they have been scammed.
Google has since 2017, removed over 1,700 apps containing Joker malware from the Play Store but the malware keeps re-emerging and recently, six new malicious apps have been identified by researchers at cyber security company Pradeo.
Out of these six apps discovered, one by name ‘Convenient Scanner 2’ has been downloaded over 100,000 times and another called ‘Separate Doc Scanner’ has been downloaded by 50,000 users.
Another app, ‘Safety AppLock’,which claims to ‘protect your privacy’ and has been installed 10,000 times by unfortunate victims who will eventually discover that the malicious download harms, rather than protects, them.
Two other apps with the Joker malware have also received 10,000 downloads each ; ‘Push Message-Texting&SMS’ and ‘Emoji Wallpaper’, while another named ‘Fingertip Game Box’ has been downloaded 1,000 times.
Upon discovery by Pradeo, these six apps have been removed from the Google Play Store. Users who have any of the applications on their Android devices are urged to delete them immediately.
The six apps are the most recent malicious downloads in a long line that the group behind Joker have attempted to sneak into the Play Store.
Google’s Android security and privacy team in a previous blog post describes Joker, as one of the most stubborn threats the Play Store faces, with the attackers behind it having “at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected”.