Researchers Found 17 'Joker-Infected' Apps Playing Hide-And-Seek In Google Play Store


Android is the most popular mobile operating system, but its official app store is still plagued by malware incidents that seem to have no end.

One of the most prominent malware strains at this time is 'Joker'. Despite Google's awareness of this particular strain, malicious app developers keep finding ways to put their Joker-infected apps onto the Play Store by employing various strategies.

The strategies include, but are not limited to, changing the apps' code, execution methods, or payload-retrieving techniques.

The team at Zscaler ThreatLabZ found 17 Joker-infected apps that were regularly uploaded to the Play Store in September 2020, earning around 120,000 downloads.

"This prompted us to evaluate how Joker is so successful at getting around the Google Play vetting process."


The names of the 17 apps were:

  1. All Good PDF Scanner.
  2. Mint Leaf Message-Your Private Message.
  3. Unique Keyboard - Fancy Fonts and Free Emoticons.
  4. Tangram App Lock.
  5. Direct Messenger.
  6. Private SMS.
  7. One Sentence Translator - Multifunctional Translator.
  8. Style Photo Collage.
  9. Meticulous Scanner.
  10. Desire Translate.
  11. Talent Photo Editor - Blur focus.
  12. Care Message.
  13. Part Message.
  14. Paper Doc Scanner.
  15. Blue Scanner.
  16. Hummingbird PDF Converter - Photo to PDF.
  17. All Good PDF Scanner.

According to the team's blog post, Joker is spyware capable of stealing SMS messages, contact lists, and device information, and of silently signing the victim up for premium wireless application protocol (WAP) services.

These apps function and behave like normal apps. The main difference is that they require dangerous permissions to work.

On first installation, the apps do no harm, and this is by design: it keeps Google from noticing the malicious code. The apps usually keep their malicious intent to themselves for a few hours or days before eventually requesting "drops" (hence the name droppers, or loaders) of other components or apps onto the device.

What the apps request includes Joker itself or other malware strains.

Following Zscaler's report, Google removed the 17 apps from the Play Store, and deployed its Play Protect service to disable the apps on infected devices.

Users still need to remove the apps manually from their devices to completely eliminate the malware.

Protecting against Joker is very difficult. But if users show caution when installing apps that ask for broad permissions, they should be able to avoid getting infected.

"We recommend paying close attention to the permission list in the apps that you install on your Android device. Always watch out for the risky permissions related to SMS, call logs, contacts, and more. Reading the comment or reviews on the app page also helps identify compromised apps," advised the researchers at Zscaler.
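The permission check the researchers recommend can be automated when vetting an app before it reaches a device. The following is an added example, not code from Zscaler or from this article: it assumes the app's AndroidManifest.xml has already been decoded to text XML (for instance with apktool), and the sample manifest and the package name `com.example.pdfscanner` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permission names grouped by the categories the researchers name.
RISKY_GROUPS = {
    "sms": {"READ_SMS", "SEND_SMS", "RECEIVE_SMS", "RECEIVE_MMS", "RECEIVE_WAP_PUSH"},
    "call_log": {"READ_CALL_LOG", "WRITE_CALL_LOG", "PROCESS_OUTGOING_CALLS"},
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS"},
}

# Constructed sample: decoded manifest of a hypothetical scanner app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.pdfscanner">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Example PDF Scanner"/>
</manifest>"""


def audit_manifest(xml_text):
    """Return (package, {group: sorted risky permissions}) for a decoded manifest."""
    root = ET.fromstring(xml_text)
    requested = set()
    # Permissions can be declared with either element; check both.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith("android.permission."):
                requested.add(name.rsplit(".", 1)[1])
    findings = {}
    for group, perms in RISKY_GROUPS.items():
        hits = sorted(requested & perms)
        if hits:
            findings[group] = hits
    return root.get("package"), findings


if __name__ == "__main__":
    package, findings = audit_manifest(SAMPLE_MANIFEST)
    for group, perms in findings.items():
        print(f"{package}: {group}: {', '.join(perms)}")
    if not findings:
        print(f"{package}: no SMS, call-log or contact permissions requested")
```

A scanner or translator app that lands in the `sms` or `contacts` group is asking for access its stated purpose does not explain, which is the mismatch worth reviewing by hand.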

Published: 06/11/2020