Four more apps that infected thousands of Android devices with malware removed from Google Play store

The four apps have been downloaded a combined total of over 100,000 times. Users who have installed them are urged to delete them immediately.
Written by Danny Palmer, Senior Writer

Four more Android applications downloaded over 100,000 times have been removed from the Google Play app store after security researchers said they were being used to deliver malware to smartphones.

The apps, which delivered Joker malware, have been identified by cybersecurity researchers at Pradeo, who reported them to Google. The applications have now been removed from the Play Store. 

Users who downloaded the apps have been warned to immediately delete them to avoid falling victim to fraud.  


Three of the apps were published within the last month, while one was first published in November 2020 – although the researchers were unable to identify when it had been modified to deliver malware. 

Joker malware is designed to be discreet and difficult for app stores to detect, with its developers regularly switching their methods to avoid being discovered. This has allowed Joker to be successful – it's been found hiding in thousands of mobile applications and downloaded by millions of victims during the last three years.

The main goal of Joker is to make money from victims who've inadvertently downloaded the malware, and it does this by committing fraud: making in-app purchases and sending SMS messages to premium rate numbers.

Two of the apps were able to bypass multi-factor authentication to ensure that in-app purchases can be made. This is done by capturing one-time passwords through intercepting notifications, reading SMS messages and taking screenshots.

It's likely that users will only notice they've fallen victim to fraud when they receive their mobile phone bill, which could be weeks after infection. 


While ad-click and in-app purchasing fraud is Joker's main means of making money, it also comes with the ability to install other apps on users' devices, which could potentially be used to deliver even more dangerous malware that could steal sensitive information or spy on smartphones. 

Malicious apps are designed to look legitimate, but Pradeo suggests there are some tell-tale signs that can alert users that what they might be about to download could be malware. These include how the developer accounts for each app, privacy policies being short and vague, and the apps never relating to a specific company name or website. 

ZDNet has attempted to contact Google for comment, but hadn't received a response at the time of publication. 