This Joker App Was Found On Google Play Store, After Claiming 500,000 Victims

The Joker, Cesar Romero

Sneaky, clever, and malicious. The Joker, as people are calling it, is malware that infects Android phones.

While Google Play Store is the official Android app store and the one most recommended by security experts, it is still riddled with malware, as malicious actors can still put their apps there and claim victims.

And this time, yet another Joker-infected app was found.

According to a blog post by cybersecurity researchers at Pradeo Security, the app, named 'Color Message', was downloaded by more than 500,000 users.

As advertised, the app offered users a way to personalize their default SMS messages.

"It makes texting easy, fun and beautiful," according to its Google Play listing. "Customize the theme quickly. The Color Message application has unique technology that can help you personalize your default SMS messenger."

But behind the scenes, the app had sinister things in mind.

Once installed, the Color Message app could be used by users just like a normal app.

But unbeknownst to users, the Joker that came with the app started doing three things:

First, it simulated clicks to generate revenue from malicious ads; second, it subscribed users to unwanted paid premium services, stealing money and committing billing fraud; and third, it accessed users' contact lists and sent the stolen information to the attackers.

According to the researchers, evidence suggested that the stolen information was sent to servers hosted in Russia.

Pradeo said that Joker-laced apps can be difficult to detect, as the malicious developers often use very little code. And more often than not, the Joker code is concealed.

"By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect," said Pradeo's Roxane Suau.

And in this particular case, the Color Message app is hard to remove, as it could also hide its own icon once installed.

Making it even sneakier, the app took advantage of a legitimate developer tool called Flutter to evade both device-based security and app-store protections.

[Image: The Color Message app before it was removed from Google Play Store.]

As malware, Joker is a persistent threat that has been around since 2019, hiding inside legitimate-seeming, common apps such as messaging apps, photo editors, translators and wallpapers, while many of them are games aimed at children.

Joker has been one of the most prevalent forms of malware to appear on Android for various reasons. Most notably, it's because Joker can earn the developers of the apps some money, and also allow them to steal sensitive information.

Once installed, Joker apps can subscribe victims to unwanted, paid premium services controlled by the attackers (fleeceware). Often, the victim won't notice anything wrong until the mobile bill arrives.

Google has removed the Color Message app from Google Play Store, and those who have downloaded the app are urged to uninstall it immediately.

This is far from the first time Joker has been detected in the Play Store.

Pradeo itself said that it has found hundreds of Joker-infected apps since 2019.

While Joker apps are removed from the Play Store as soon as they are found, given how persistent those behind it are, it's likely that malicious actors will try to distribute the malware again and again.


Published: 21/12/2021