Android: four new malicious applications removed from the Play Store

Four more Android apps, downloaded over 100,000 times, have been removed from the Google Play Store. Researchers discovered that they were used to spread malware on the smartphones where they were installed.

The apps in question were spreading the Joker malware. They were identified by cybersecurity researchers at Pradeo, who reported them to Google. The apps have now been removed from the Play Store.

Users who downloaded the apps were warned to remove them immediately to avoid becoming victims of fraud.

Millions of downloads

Of the offending apps, three were released in the past month. The fourth first appeared in November 2020, but the researchers were unable to determine when it was modified to deliver the malware.

The Joker malware is designed to be stealthy and difficult for app stores to detect, with its developers changing their methods regularly to avoid detection.

This is what made Joker successful: it has hidden in thousands of mobile apps and been downloaded by millions of victims over the past three years.

Fraudulent in-app purchases

The main goal of Joker is to earn money from the victims who inadvertently downloaded the malware. To do this, the malware makes fraudulent in-app purchases and sends text messages to premium rate numbers.

Two of the apps were able to bypass multi-factor authentication in order to allow in-app purchases. They do this by intercepting one-time passwords through notifications, reading text messages and taking screenshots.

In some cases, the victims do not notice the fraud until several weeks later, upon receipt of an operator invoice or an account statement, for example.
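
For defenders triaging an app, the SMS and notification access described above is visible in its manifest. The following is an added example, not code from Pradeo or the original article: a Python check over a decoded AndroidManifest.xml (the sample manifest and package name are constructed) that flags apps able to read one-time codes from SMS or notifications and also send SMS. Screenshot capture is not covered.

```python
import xml.etree.ElementTree as ET

# Android attributes in a decoded manifest are namespaced.
A = "{http://schemas.android.com/apk/res/android}"

SMS_READ = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
SMS_SEND = "android.permission.SEND_SMS"
NOTIF_BIND = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

# Constructed sample: decoded manifest of a hypothetical app (not a real package).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed.scanner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application>
    <service android:name=".Listener"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return the OTP- and billing-fraud-relevant capabilities a manifest requests."""
    root = ET.fromstring(xml_text)
    perms = {e.get(A + "name") for e in root.iter("uses-permission")}
    findings = []
    if perms & SMS_READ:
        findings.append("reads_sms")
    if SMS_SEND in perms:
        findings.append("sends_sms")
    # A notification listener is a <service> guarded by the BIND permission.
    if any(s.get(A + "permission") == NOTIF_BIND for s in root.iter("service")):
        findings.append("reads_notifications")
    return findings

def needs_review(findings):
    """Flag apps that can both see one-time codes and send SMS."""
    can_see_otp = "reads_sms" in findings or "reads_notifications" in findings
    return can_see_otp and "sends_sms" in findings

if __name__ == "__main__":
    found = triage_manifest(SAMPLE_MANIFEST)
    print(found, "-> manual review" if needs_review(found) else "-> no flag")
```

A flag here is a reason for manual review, not a verdict: legitimate messaging apps request the same permissions.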

One malware can hide another

Beyond the money collected by these frauds, Joker can also install other applications on its victims' devices: potentially more dangerous malicious apps that could steal sensitive information or spy on infected devices.

While these rogue apps were designed to appear legitimate, Pradeo points out that there are clues that should prompt users to be cautious. In particular, users should pay attention to how the developer presents the application, and be wary of short and imprecise privacy policies and of applications that are not linked to a company name or a specific website.

Source: ZDNet.com
