A team of cybersecurity researchers has discovered that 16 application with the ‘Joker’ malware were available on the Google Play Store. These have already been removed from Google Play Service, but it is very likely that some people downloaded them and infected their phones.
On its blog, Zscaler listed the names of the 16 infected apps:
- All Good PDF Scanner
- Mint Leaf Message-Your Private Message
- Unique Keyboard – Fancy Fonts & Free Emoticons
- Tangram App Lock
- Direct Messenger
- Private SMS
- One Sentence Translator – Multifunctional Translator
- Style Photo Collage
- Meticulous Scanner
- Desire Translate
- Talent Photo Editor – Blur focus
- Care Message
- Part Message
- Paper Doc Scanner
- Blue Scanner
- Hummingbird PDF Converter – Photo to PDF
The attack of this malware consists of enrolling the user in Premium Wireless Application Protocol (WAP) services without the user knowledge. In addition, they gain access to and can steal confidential data information held on the phone.
When the Joker apps are launched, they hide their malicious activity to avoid being detected by Google Play Store Service that would delete them immediately, so Joker has the tactic of carrying out an attack called ‘sticker’.
Once application is installed, it requests you for some special permissions to access the data that has nothing to do with the features they advertise. After a few days, the application itself installs and downloads the malware on your device.
Experts recommend that if you have one of these applications installed on your phone, you uninstall them as soon as possible.