17 apps removed from Play store spotted Joker malware

Google has long been locked in a battle with cybercriminals who create and submit malicious apps to the Play store that somehow sneak past the company's protections. One especially pervasive and problematic piece of malware is the one dubbed Joker, aka Bread. In the latest round, Google was forced to put the kibosh on 17 malicious apps uploaded in September that tried to infect unsuspecting users with the Joker malware.

JOKER IS THE PLAY STORE'S BANE

Google removed six such apps at the start of the month after they've been spotted and reported by security researchers from Pradeo. Before that, in July, Google removed another batch of Joker-infected apps discovered by security researchers from Anquanke. This batch had been active since March and had managed to infect millions of devices.

The firm also mentioned that the Joker malware also steals device information and silently signs up into the victim's smartphone for premium wireless application protocol (WAP) services. This information was given by a Zscaler security researcher who also explained how this virus works until its final stage of billing using the victims' WAP services.

Following its internal procedures, Google removed the apps from the Play Store, used the Play Protect service to disable the apps on infected devices, but users still need to manually intervene and remove the apps from their devices. 

The 17 apps included the following:

1. All Good PDF Scanner
2. Mint Leaf Message-Your Private Message
3. Unique Keyboard - Fancy Fonts & Free Emoticons
4. Tangram App Lock
5. Direct Messenger
6. Private SMS
7. One Sentence Translator - Multifunctional Translator
8. Style Photo Collage
9. Meticulous Scanner
10. Desire Translate
11. Talent Photo Editor - Blur focus
12. Care Message
13. Part Message
14. Paper Doc Scanner
15. Blue Scanner
16. Hummingbird PDF Converter - Photo to PDF
17. All Good PDF Scanner

 Some malicious apps contain a stager payload, which retrieves and downloads the final payload URL from the code and then executes it on the infected device. In the latest case, the malicious apps incorporated the stager payload URL directly in their code using encryption or another method to disguise it. The final stage payload then executed the Joker malware. But there were still a total of around 120k+ downloads for the identified malicious apps, as Zscaler noted in a blog post.

Related post

Android

Exploring Android 14: A Comprehensive Look at the Latest Features

• 

  by TheBrinkwire
• Sep 11, 2023

Android

Best Phone Cleaner Apps to Boost Your Smartphone Performance 

• 

  by Ankit Raj Singh
• May 20, 2023

Android

Breification B24: What Is BharOS? India’s indigenous Android Competitor 

• 

  by Prateek Gupta
• Jan 29, 2023

Android

ColorOS 13 (Android 13) available for OnePlus 8, 8 Pro, and 8T via Open Beta Program

• 

  by Neeraj
• Nov 27, 2022

Android

6 Ways to Install Dynamic Island on Any Android Phone

• 

  by Neeraj
• Oct 05, 2022

Prateek Gupta

View Articles

I'm a Computer Science graduate, likes to do ordinary work in an extraordinary manner. I'm quite creative, a workaholic. I regularly used analyze new research, development, innovation by tech giants. I'm interested in Machine learning, Data Science along with research work applications on them & solving puzzles, quizzes.