Security News > 2021 > December > Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store

A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users' contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge.

The latest Joker malware was found in a messaging-focused app named Color Message, which has since been removed from the official app marketplace.

Color Message "Accesses users' contact list and exfiltrates it over the network [and] automatically subscribes to unwanted paid services," mobile security firm Pradeo noted.

"For that reason, we reserve the right to make changes to the app or to charge for its services, at any time and for any reason. We will never charge you for the app or its services without making it very clear to you exactly what you're paying for."

Joker, since its discovery in 2017, has been a notorious fleeceware infamous for carrying out an array of malicious activities, including billing fraud and intercepting SMS messages, contact details, and device information unbeknownst to users.

The rogue apps have continued to skirt Google Play protections using a barrage of evasion tactics to the point that Android's Security and Privacy Team said the malware authors "Have at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected."

News URL

https://thehackernews.com/2021/12/over-500000-android-users-downloaded.html