Google removes 17 Android apps with Joker malware

Joker malware apps
Written by Emma Davis

Google has removed 17 Android apps infected with the Joker (also known as Bread) malware from the official Play Store.

The apps were discovered by security researchers from Zscaler. Following its internal procedures, Google removed the apps from the Play Store and used the Play Protect service to disable them on infected devices, but users still need to manually uninstall the apps from their devices.

“This spyware is designed to steal SMS messages, contact lists, and device information, as well as to stealthily subscribe a victim to premium Wireless Application Protocol (WAP) services,” said security researcher Viral Gandhi.

The following infected applications have been removed:

  • All Good PDF Scanner;
  • Mint Leaf Message-Your Private Message;
  • Unique Keyboard – Fancy Fonts & Free Emoticons;
  • Tangram App Lock;
  • Direct Messenger;
  • Private SMS;
  • One Sentence Translator – Multifunctional Translator;
  • Style Photo Collage;
  • Meticulous Scanner;
  • Desire Translate;
  • Talent Photo Editor – Blur focus;
  • Care Message;
  • Part Message;
  • Paper Doc Scanner;
  • Blue Scanner;
  • Hummingbird PDF Converter – Photo to PDF.

The removal is also the third such action by Google’s security team against a batch of Joker-infected apps in the past few months.

According to Google representatives, Joker is one of the most persistent and complex threats that specialists have had to fight in recent years. Since 2017, the tech giant’s security services have removed more than 1,700 apps from the Play Store.

“Attackers actively exploited vulnerabilities in Google Play in order to bypass security mechanisms. A technique called ‘droppers’ allowed downloading a clean version of the application and then adding malicious functionality by updating the program,” ZDNet journalists report.

This method is quite simple, but from Google’s point of view it is difficult to defend against.

Malware authors start by cloning the functionality of a legitimate app and uploading it to the Play Store. The clone is a fully functional application that asks for access to various permissions but does not perform any malicious actions on first launch.

Google security scans do not detect malicious code, and Google usually allows the app to be hosted on the Play Store.

However, once on the user’s device, the application eventually downloads and “drops” (hence the name “droppers”) other components or applications on the device that contain Joker malware or other malware.
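Because a dropper behaves cleanly at first launch, the permissions it requests up front are one of the few signals available before anything is dropped. The following is an added example, not code from Google, Zscaler or this article: a triage check over a decoded `AndroidManifest.xml` that flags access to the data categories named above when the app's stated purpose does not need them. The permission mapping, the function names and the sample manifest are assumptions of this example, and a match means "review manually", not "Joker".

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NETWORK = "android.permission.INTERNET"
# Data the article says Joker steals, mapped to the Android permissions that
# gate it. The mapping is this example's assumption, not a vendor signature.
SENSITIVE = {
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
            "android.permission.SEND_SMS"},
    "contacts": {"android.permission.READ_CONTACTS"},
    "device_info": {"android.permission.READ_PHONE_STATE"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def triage(manifest_xml, expected_categories=()):
    """Flag sensitive data categories the app's stated purpose does not need."""
    perms = requested_permissions(manifest_xml)
    hits = {c: sorted(perms & p) for c, p in SENSITIVE.items() if perms & p}
    unexpected = sorted(set(hits) - set(expected_categories))
    network = NETWORK in perms
    return {"package": ET.fromstring(manifest_xml).get("package"),
            "categories": hits, "unexpected": unexpected, "network": network,
            # Unneeded sensitive access plus a network path out: manual review.
            "review": bool(unexpected) and network}

# Constructed sample: manifest of a hypothetical document-scanner app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.scanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

Pass `expected_categories` for apps whose function legitimately needs a category (for example `("sms", "contacts")` for a messaging app), so only the mismatch between purpose and access is flagged.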


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
