Security News > 2022 > July > Google Boots Multiple Malware-laced Android Apps from Marketplace

Google has removed eight apps from its Google Play store that were propagating a new variant of the Joker spyware, but not before they already had garnered more than 3 million downloads.

The trojan would hide in the advertisement frameworks utilized by the malicious apps propagating it; these frameworks aggregate and serve in-app ads.

After the apps with Joker were installed, they would show a "Splash" screen, which would display the app logo, to throw off victims while performing various malicious processes in the background, such as stealing SMSes and contact lists as well as performing ad fraud and signing people up for subscriptions without their knowledge.

While Ingrao discovered the offending apps in July 2021 and reported them to Google quickly, he told BleepingComputer that the company took six months to remove six of the apps.

Artnz was critical of the lag time between discovery and removal, though he did not speculate as to the reason why, noting only that "The small footprint and masked usage of APIs must make it hard to find malicious apps among the multitude of apps that can be found in the Google Play Store."

The company has a storied history of struggling to keep malicious apps-in particular fleeceware-off its mobile app store for the Android platform.

News URL

https://threatpost.com/google-boots-malware-marketplace/180241/