Security News > 2022 > July > Google pulls malware-infected apps in its Store, over 3 million users at risk

Google pulled 60 malware-infected apps from its Play Store, installed by more than 3.3 million punters, that can be used for all kinds of criminal activities including credential theft, spying and even stealing money from victims.

Zscaler's ThreatLabZ and security researcher Maxime Ingrao from fraud protection firm Evina discovered the downloader apps stuffed with software nasties including Joker, Facestealer, Coper, and Autolycos malware - the latter is a new family, according to Ingrao, who named and discovered Autolycos in eight different apps with more than three million downloads to Android devices.

The new malware strain, similar to Joker, steals SMS messages when downloaded and also unwittingly subscribes users to - and charges them for using - premium wireless application protocol services, Ingrao tweeted.

Zscaler's threat hunters this week said Google removed an additional 52 malware-infested apps on the Play Store, and 50 of them were used to deploy Joker, which has been an ongoing problem for Android devices.

The Joker-spreading apps were downloaded more than 300,000 times, according to security researchers Viral Gandhi and Himanshu Sharma, who provided a technical analysis of the three malware family payloads and listed all 50 Joker downloaders on a ThreatLabZ blog post.

"Most commonly, threat actors disguise the Joker malware in messaging applications that require users to grant escalated access permissions by allowing them to serve as the default SMS app on the user's phone," the threat hunters noted.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/19/google_malware_apps/