The main goal of Joker is to make money from victims who've inadvertently downloaded the malware. It does this by committing fraud: making in-app purchases and sending SMS messages to premium-rate numbers.
Two of the apps were able to bypass multi-factor authentication to ensure that in-app purchases can be made. They do this by intercepting one-time passwords, which they capture by intercepting notifications, reading SMS messages and taking screenshots.
It's likely that users will only notice they've fallen victim to fraud when they receive their mobile phone bill, which could be weeks after infection.
While ad-click and in-app purchasing fraud are Joker's main means of making money, it also comes with the ability to install other apps on users' devices, which could potentially be used to deliver even more dangerous malware that could steal sensitive information or spy on smartphones.
Malicious apps are designed to look legitimate, but Pradeo suggests there are some tell-tale signs that can alert users that what they might be about to download could be malware. These include how the developer accounts for each app, privacy policies being short and vague, and the apps never relating to a specific company name or website.
ZDNet has attempted to contact Google for comment, but hadn't received a response at the time of publication.