Security News > 2021 > December > Malicious Joker App Scores Half-Million Downloads on Google Play

The Joker malware is back again on Google Play, this time spotted in a mobile application called Color Message.

Joker apps subscribe victims to unwanted, paid premium services controlled by the attackers - a type of billing fraud that researchers categorize as "Fleeceware." Often, the victim is none the wiser until the mobile bill arrives.

"One of the victims has even tried reaching out to the application's developer through the comment section of the legal page, other users are directly complaining about the fraud in the comment section of the app on the store."

Malicious Joker apps are commonly found outside of the official Google Play store, but they've continued to skirt Google Play's protections.

Flutter is an open-source app development kit designed by Google that allows developers to craft native apps for mobile, web and desktop from a single codebase.

According to researchers at Zimperium, more than 1,800 Android applications infected with Joker have been removed from the Google Play store in the last four years.

News URL

https://threatpost.com/malicious-joker-app-downloads-google-play/177139/