Over half a million Android users have installed an app used to distribute Joker malware after downloading it from the Google Play store.
Pradeo cybersecurity researchers have identified the malware, which Google has now removed from its official Android app marketplace.
Before its removal, the app, called “Color Message”, had been downloaded by more than 500,000 Android users. Advertised as an app allowing users to customize their default SMS messages, Color Message was a front for spreading Joker, one of the most prolific forms of Android malware.
Prolific Android malware
Once installed, the malware does three things: it simulates clicks in order to generate revenue from malicious ads, it subscribes users to unwanted premium paid services in order to steal money and commit fraudulent activities. billing and it accesses users’ contact lists and sends the information to attackers.
According to the researchers, there is evidence that the stolen information is sent to servers hosted in Russia.
The app’s negative reviews on the Play Store suggest that some users have noticed the unauthorized behavior, with complaints of being billed for services they did not request access to.
Users are advised to uninstall Color Message
Google Play has protocols designed to prevent the publication of malicious apps, but the developers of the malicious app have managed to bypass them. “Using as little code as possible and completely concealing it, Joker generates a very discreet fingerprint that can be difficult to detect,” says Roxane Suau, of Pradeo.
Users who downloaded Color Message from the Google Play Store are advised to uninstall the app immediately.
This is far from the first time that Joker has been detected in the Play Store. Pradeo says it has been found in hundreds of apps over the past two years, but given the persistence of the authors, it is likely that they will try to distribute the malware again.
Source: ZDNet.com