
Google takes down 17 infected apps from Play Store

on 28 September 2020

Infected with Joker malware

Google this week removed 17 Android applications infected with the Joker malware from the official Play Store.

The 17 apps were spotted by security researchers from Zscaler. They were designed to steal SMS messages, contact lists, and device information, and to silently sign the victim up for premium wireless application protocol (WAP) services.

Zscaler security researcher Viral Gandhi said the apps were uploaded to the Play Store this month and didn't get a chance to gain a following, having been downloaded more than 120,000 times before being detected.

The names of the 17 apps were:

All Good PDF Scanner
Mint Leaf Message-Your Private Message
Unique Keyboard - Fancy Fonts & Free Emoticons
Tangram App Lock
Direct Messenger
Private SMS
One Sentence Translator - Multifunctional Translator
Style Photo Collage
Meticulous Scanner
Desire Translate
Talent Photo Editor - Blur focus
Care Message
Part Message
Paper Doc Scanner
Blue Scanner
Hummingbird PDF Converter - Photo to PDF
All Good PDF Scanner

Google removed the apps from the Play Store and used the Play Protect service to disable them on infected devices, but users still need to manually remove the apps from their devices. Joker-infected apps are starting to look like a recurring problem for Google: this is the third time a batch of them has had to be removed.

Joker-infected apps sneak past Google's defences and reach the Play Store using a technique called "droppers," in which the victim's device is infected in a multi-stage process.

Malware authors begin by cloning the functionality of a legitimate app and uploading it to the Play Store. This app is fully functional and requests access to dangerous permissions, but it doesn't perform any malicious actions when it's first run. Because the malicious actions are usually delayed by hours or days, Google's security scans don't pick up the malicious code, and Google usually allows the app to be listed on the Play Store.

But once on a user's device, the app eventually downloads and "drops" (hence the name droppers, or loaders) other components or apps on the device that contain the Joker malware or other malware strains.
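Because the first stage described above carries no malicious code, a reviewer can only look at what the app is able to do later. The following triage sketch is an added example, not code from Google, Zscaler or this article; it assumes the manifest has already been decoded to text XML and the referenced class names extracted by a separate tool, and the function name, sample manifest and package name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions covering the data the article says Joker steals.
SENSITIVE = {
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.RECEIVE_SMS": "SMS messages",
    "android.permission.READ_CONTACTS": "contact lists",
    "android.permission.READ_PHONE_STATE": "device information",
}
# Framework classes that load code not shipped in the reviewed APK.
DYNAMIC_LOADERS = {
    "dalvik.system.DexClassLoader",
    "dalvik.system.InMemoryDexClassLoader",
}

def triage(manifest_xml, referenced_classes):
    """Return dropper-relevant findings for one app (hypothetical helper)."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    data_at_risk = sorted({SENSITIVE[p] for p in perms if p in SENSITIVE})
    loaders = sorted(DYNAMIC_LOADERS & set(referenced_classes))
    can_download = "android.permission.INTERNET" in perms
    # A later-stage payload needs a way in (network) and a way to run (loader);
    # the sensitive permissions are what that payload would inherit.
    needs_review = bool(data_at_risk and loaders and can_download)
    return {"data_at_risk": data_at_risk, "loaders": loaders,
            "can_download": can_download, "needs_review": needs_review}

# Constructed sample: decoded manifest of a hypothetical scanner app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.scanner">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
</manifest>"""
SAMPLE_CLASSES = {"java.net.HttpURLConnection", "dalvik.system.DexClassLoader"}

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_CLASSES))
```

A hit here is a prompt for manual review rather than a verdict, since legitimate apps also load code dynamically.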


Last modified on 28 September 2020