Google has removed 17 Android apps from the official Play Store, which were infected with Joker (also known as Bread) malware.
Programs discovered by security researchers from Zscaler. Following its internal procedures, Google removed apps from the Play Store, used the Play Protect service to disable apps on infected devices, but users still need to manually intervene and uninstall apps from their devices.The following infected applications have been removed:
- All Good PDF Scanner;
- Mint Leaf Message-Your Private Message;
- Unique Keyboard – Fancy Fonts & Free Emoticons;
- Tangram App Lock;
- Direct Messenger;
- Private SMS;
- One Sentence Translator – Multifunctional Translator;
- Style Photo Collage;
- Meticulous Scanner;
- Desire Translate;
- Talent Photo Editor – Blur focus;
- Care Message;
- Part Message;
- Paper Doc Scanner;
- Blue Scanner;
- Hummingbird PDF Converter – Photo to PDF;
The removal is also the third such action by Google’s security team against a batch of Joker-infected apps in the past few months.
According to Google representatives, Joker is one of the most persistent and complex threats that specialists have had to fight in recent years. Since 2017, the tech giant’s security services have removed more than 1,700 apps from the Play Store.
This method is quite simple, but from Google’s point of view, it is difficult to defend against it.
Malware authors start by cloning the functionality of a legitimate app and uploading it to the Play Store. This is a fully functional application, asks for access to various permissions, but does not perform any malicious actions on first launch.
Google security scans do not detect malicious code, and Google usually allows the app to be hosted on the Play Store.
However, once on the user’s device, the application eventually downloads and “drops” (hence the name “droppers”) other components or applications on the device that contain Joker malware or other malware.
