We almost missed this one, but it’s important, so we’re posting it now even though we are a bit late.
Over half a million Android users have installed an app called “Color Message” from Google’s Play Store that was used to deliver the Joker malware.
Cybersecurity researchers from Pradeo identified the app, which allowed users to personalize their default SMS messages. As soon as Google was notified, the app was removed from the Play Store.
As for the malware itself, Joker does three things:
- it simulates clicks in order to generate revenue from malicious ads;
- it subscribes users to unwanted paid premium services to steal money and commit billing fraud; and
- it accesses users’ contact lists and sends the information to attackers.
According to researchers, the stolen information is likely sent to servers hosted in Russia.
Some users noticed that the app was charging them for services they had not requested, which, unsurprisingly, produced negative reviews of the app on the Play Store.
What makes the Color Message app somewhat impressive is the way it manages to circumvent Google Play protocols that are designed to stop malicious apps from being published.
“By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect,” said Pradeo’s Roxane Suau.
This is not the first time the Joker malware has been detected in the Play Store: Pradeo says it has been found in hundreds of apps in the past two years. What’s more, the cybersecurity firm believes more will come, so you’d better think twice before installing another app on your phone.