Google Play app with 500,000 downloads sent user contacts to a Russian server

Courtesy of: kaspersky.com

A security firm has discovered malware in an Android app with more than 500,000 downloads on Google Play. The app secretly forwards users' contacts to an attacker-controlled server and enrolls users in expensive subscriptions.

The app, Color Message, was still available on Google’s servers at the time of writing. Google removed it more than three hours after I contacted them for comment. Color Message claims to improve text communications by adding emojis and eliminating SMS spam, among other things. According to researchers at Pradeo Security, however, Color Message contains a malware family known as Joker, which has already infected millions of Android devices.

According to the company’s blog post, “Our research on the Color Message application using the Pradeo Security engine shows that it accesses users’ contact lists and exfiltrates them across the network. At the same time, the program unintentionally subscribes users to unwanted premium services. The app has the ability to hide its icon once installed, making it difficult to remove.”

Pradeo’s discovery is just the latest example of Google hosting malicious software that harms users of its Android mobile operating system. While Google scans apps for malware and removes a large number of submissions every month, many malicious programs are still missed. Regular reports of malicious apps available through Play tarnish the mobile operating system’s otherwise impeccable security record, at least on Pixel smartphones developed by Google.

Joker is classified as fleeceware, a type of malware. It simulates clicks and intercepts text messages in an attempt to trick users into paying for premium services they don’t want. Because of its small code footprint and the techniques its developers use to hide it, Joker is difficult to detect. The malware has been discovered in hundreds of applications downloaded by millions of people over the past few years.

Color Message does not reveal the extent of the actions that the software can take on users’ devices, in addition to forwarding users’ contacts to a server that appears to be located in Russia and subscribing them to unwanted services.

As always, Android users should be careful when downloading apps. A good rule of thumb is to download only apps that are genuinely useful to you, and to choose apps from well-known companies when possible. People should also read user reviews to see whether any malicious behavior has been reported.

About Sandra A. Powell
