Pradeo discovered the Joker malware, which has been active for at least two years, in an Android app called Color Message that has been downloaded more than 500,000 times.
“Joker is categorized as Fleeceware,” Pradeo explains, “because its core business is simulating clicks and intercepting text messages to subscribe to unwanted paid premium services without users’ knowledge. Using the least possible code and by carefully masking it, Joker generates a very inconspicuous fingerprint that can be difficult to detect. Over the past two years, the malware has been found hidden in hundreds of applications.”
The company says Color Message was discovered surreptitiously “establishing connections with Russian servers.” The app has since been removed from Google Play, but screenshots posted by Pradeo show it was touted as a messaging app that “makes texting easy, fun and beautiful” and got an average score of 4.1 stars despite many one-star reviews.
“Our analysis of the Color Message application through the Pradeo Security engine shows that it accesses the users’ contact list and exfiltrates it on the network,” explains Pradeo. “At the same time, the app automatically subscribes to unwanted paid services without users’ knowledge. To make it difficult to remove, the app has the ability to hide its icon once installed.”
Pradeo says previous apps containing the Joker malware were installed between 1,000 and 100,000 times before being removed from Google Play. Those apps included several document scanners, another messaging app, a wallpaper manager, and the ironically named Safety AppLock. Luckily, it seems that deleting the apps can remove the malware.