Joker malware applications reach 500k downloads on the Google Play store

Messaging app hides the threat with contact exfiltrating functions

Joker Apps data exfiltration methods. The latest Joker malware was found in a messaging-focused app named Color Message.

At least half a million people have downloaded a malicious Android app carrying the Joker malware from the Google Play app store. The app has been found dangerous, as it seems to be able to sneakily exfiltrate users' contact lists to an attacker-controlled server and sign users up for unwanted paid premium subscriptions without their knowledge.[1]

It is not the first time that Joker has been spotted online. This time it was found in a mobile messaging-focused app called Color Message. It seems that not only was personal information leaked and unwanted subscriptions made, but the app was also used to simulate clicks in order to generate revenue from malicious ads and to connect to servers located in Russia.

The app was downloaded more than 500,000 times before its removal from the store. Yet users are still in danger. The app is quite difficult to get rid of, as it is capable of hiding behind its icon once it is installed on the device. If possible, experts strongly advise users to immediately delete Color Message from their devices in order to avoid being defrauded.[2]

Joker malware is frequent on the Google Play platform

Apps like Color Message seem to be attractive to a wide audience. That is why hackers seem to use them for their malicious schemes. Color Message would offer the ability to change the messaging game with quite a range of fun emojis, colors, and screen overlays. Before the Joker malware situation, the app had great reviews with a rating of four stars.

Of course, the app is now long gone from Google Play. Yet some users probably downloaded the infected app and only later noticed some strange things. That would explain some negative reviews, as well as some users complaining about being charged for services they didn't request access to.

It is known that Joker is frequently being spotted on the Google Play platform. The malware first appeared back in 2017 and was responsible for various problems, like billing fraud and intercepting SMS messages or contact details.[3] Google Play does have a security system to stop malicious apps, but hackers evolve, and now apps bypass most security.

Most recently, Joker has been using the tool Flutter, which helps it evade device-based security and app-store protections. Flutter is an open-source app development kit and a product of Google. It is widely used to code mobile applications. In theory, Flutter should help to avoid leakage of sensitive data or unauthorized access to the app.[4]

Mobile threats are becoming more common with each day

Malware is intrusive software developed by hackers. Their hope is to steal private data and cause severe damage or even completely destroy computers and computer systems. Probably some of the best-known malware are different viruses, worms, Trojan viruses, spyware, adware, and ransomware. Each has its dangers and threats to users.

In recent years, malware attacks have become more and more frequent, and even more dangerous than usual. A massive amount of sensitive data is frequently stolen. To avoid malware attacks, an antivirus system is a must.[5] Additionally, users must frequently scan their network and remove any and all untrusted programs or apps.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
