The IT security company Pradeo tracked down the Color Message app, which was infected with malware called Joker and could be downloaded from the Google Play Store. The SMS app was downloaded over 500,000 times before Google pulled the plug and removed it from the Play Store.
Color Message was supposed to send and receive SMS messages and spruce them up with customizable color schemes. The app also had libraries of icons and emojis to use in SMS. As a result, the integrated malicious code was not noticed so quickly.
The built-in Joker malware mainly simulates clicks and intercepts SMS in order to subscribe to premium services unnoticed by users and thus generate income for the criminal masterminds. The app also uploads the user’s contacts to the Internet and establishes connections to Russian servers. On top of that, the app can “hide” by making its icon disappear from the Android interface, explain the security researchers.
particularities
The Joker malware was written with as little code as possible and it was also well hidden so that Google’s automatic security systems would not work. The malware has been able to hide in hundreds of apps in the past two years, writes Pradeo in a blog post.
The company’s researchers recommend that users should uninstall the app with the package name “com.guo.smscolor.amessage” immediately if it has not already done so automatically. Google has to remove apps with integrated malware from time to time because the automatic analyzes sometimes don’t work.
(dmk)