Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store
A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users' contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge.
The latest Joker malware was found in a messaging-focused app named Color Message, which has since been removed from the official app marketplace.
Color Message "accesses users' contact list and exfiltrates it over the network [and] automatically subscribes to unwanted paid services," mobile security firm Pradeo noted.
"For that reason, we reserve the right to make changes to the app or to charge for its services, at any time and for any reason. We will never charge you for the app or its services without making it very clear to you exactly what you're paying for."
Since its discovery in 2017, Joker has been a notorious piece of fleeceware, known for carrying out an array of malicious activities, including billing fraud and intercepting SMS messages, contact details, and device information unbeknownst to users.
The rogue apps have continued to skirt Google Play protections using a barrage of evasion tactics, to the point that Android's Security and Privacy Team said the malware authors "have at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected."
News URL
https://thehackernews.com/2021/12/over-500000-android-users-downloaded.html