"This spyware is designed to steal SMS messages, contact lists and device information while also secretly recording victim in premium WAP services (wireless application protocol)Said researcher Viral Gandhi.
The 17 malware downloaded to the Play Store had a total of over 120.000 downloads.
The names of the 17 applications are:
- All Good PDF Scanner
- Mint Leaf Message-Your Private Message
- Unique Keyboard - Fancy Fonts & Free Emoticons
- Tangram App Lock
- Direct Messenger
- Private SMS
- One Sentence Translator - Multifunctional Translator
- Style Photo Collage
- Meticulous Scanner
- Desire Translate
- Talent Photo Editor - Blur focus
- Care Message
- Part Message
- Paper Doc Scanner
- Blue Scanner
- Hummingbird PDF Converter - Photo to PDF
- All Good PDF Scanner
Once Google has been notified of the malware, it has followed the prescribed procedures. Remove the apps from the Play Store and use it service Play Protect to disable applications on infected Appliances. However, users must also remove applications from their devices.
Many Joker malware applications have been found in the Play Store
Is third time that Google removes applications infected with Joker malware.
In July, Google was informed of similar applications by its security researchers Anquanke. This batch has been active since March and has managed to infect millions Appliances.
In most cases, these applications manage to bypass Google's defenses and reach the Play Store, using a technique called "droppers“, Where the victim's device is infected in several stages. The technique is quite simple, but it manages to overcome the obstacles of Google.
Initially, malware creators clone the operation of a legitimate application and upload it to the Play Store. This application is fully functional, asks for many permissions to access sensitive data, but does not perform malicious activity when running for the first time.
Malware starts after hours or even days, so Google security scans do not receive the malicious code, allowing the application to go to the Play Store.
But malicious applications eventually download and install other components or applications on the device. These items contain the Joker malware or other malicious software.
The Joker malware, which Google internally calls "Bread", Relies heavily on the dropper technique. In this way he has managed to penetrate the Play Store many times, maybe more times than any other malware.
In January, Google published a blog post describing it Joker malware as one of the most persistent and advanced threats which has faced in recent years. Google said security teams have removed more than 1.700 apps from the Play Store since 2017. But, apps with the Joker are very popular and have also been reported in stores Android third-party applications.
Anquanke's investigators said they have located more than 13.000 samples of Joker malware since the malware was discovered in December 2016.
Defending yourself from the Joker is tough, but the users can be protected to some degree if they are careful with the applications they download. For example, should avoid applications that require access to many data and look at other users' ratings.
Other malicious applications
According to ZDNet, the Bitdefender reported a group of malicious applications to Google's security team. Some of these apps are still available in the Play Store. The researchers did not name the applications but only them accounts of developers of which were uploaded to the Play Store. The users who have installed applications from these developers should remove them immediately.