Google removes 17 apps infected with Joker malware from Play Store

Google has removed 17 applications that were infected with the Joker malware from its Google Play Store, according to cybersecurity firm Zscaler.

The firm’s research team had identified 17 different apps containing the malware regularly uploaded to Google Play earlier this month. There were a total of around 120,000 downloads for the identified malicious apps, Zcaler said in a blog post.

“This spyware is designed to steal SMS messages, contact lists, and device information along with silently signing up the victim for premium wireless application protocol (WAP) services,” Zcaler’s Viral Gandhi explained in the post.

Google’s Android Security team took prompt action to remove suspicious apps from the Play Store once they were notified of these apps.

The 17 apps removed by Google were All Good PDF Scanner, Mint Leaf Message-Your Private Message, Unique Keyboard - Fancy Fonts & Free Emoticons, Tangram App Lock, Direct Messenger, Private SMS, One Sentence Translator - Multifunctional Translator, Style Photo Collage, Meticulous Scanner, Desire Translate, Talent Photo Editor - Blur focus, Care Message, Part Message, Paper Doc Scanner, Blue Scanner, Hummingbird PDF Converter - Photo to PDF and All Good PDF Scanner.

Users who have these apps installed on their phone have been advised to immediately delete them.

Persistent threat

The Joker malware has remained a persistent threat for the Android security theme. Despite Google’s efforts, the malware has been popping up on various apps on the Play Store at regular intervals.

Earlier this month, Google had removed six apps containing the malware that were spotted by cybersecurity firm Pradeo and accounted for nearly 2 lakh installs.

Also read: Six apps removed

The tech giant in July had banned 11 apps that contained a new variant of the Joker malware which had been discovered by researchers at cybersecurity firm Check Point. It had also removed another batch of apps containing the malware which were reported by Anquanke. This batch of apps had infected millions of devices.

The Android Security & Privacy Team, in a blog post in January, had detailed its efforts to tackle the malware, stating that it had removed over 1700 apps containing the malware by the beginning of this year.

Also read: 50 apps that promise free goods removed

“We first started tracking Bread (also known as Joker) in early 2017, identifying apps designed solely for SMS fraud. As the Play Store has introduced new policies and Google Play Protect has scaled defences, Bread apps were forced to continually iterate to search for gaps. They have at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected. Many of these samples appear to be designed specifically to attempt to slip into the Play Store undetected and are not seen elsewhere,” the team had said in the post.