The Joker malware has managed to make its way again on Google Play. This time it has been founded in an app called Color Message. This app was downloaded more than 500,000 times before Google removed it from the Play Store. This malicious app was sending users’ contacts to a remote server.
Color Message app claims to enhance the messaging experience by adding emojis and blocking junk texts. Recently researchers at Pradeo Security found that the app contains a family of malware known as Joker. Joker has already been founded in hundreds of different apps in the past few years.
Researchers food that the app was accessing a contact list and was sending it over the network to a Russian server. It was also automatically subscribing to unwanted paid services. Several users who became victims of the app also posted negative comments on Play Store confirming how the app was deducting their SIM balance.
Joker falls in the Fleeceware category of malware. This malware can Fleecewar clicks, intercept messages, and can subscribe your number to paid premium services. This malware is really hard to detect because of its tiny footprint of code.
Google is trying hard to prevent malicious apps from getting into the Play Store, but it seems it has failed. Joker malware manages to find a way into the Play Store and infect Android devices. Almost every month, researchers find a few apps infected with Joker.
