Malicious Joker App Gets Half A Million Downloads

Joker malware has been detected on Google Play in a mobile application called Color Message. The infected app had reportedly been downloaded more than 500,000 times before its removal from the Google app store. The application appears to be making connections to Russian servers.

Users are advised to immediately delete Color Message from their devices to avoid being defrauded, researchers at Pradeo Security have warned.

Joker has been a persistent threat since 2017, hiding itself within legitimate-seeming, common application types like games, messengers, photo editors, translators and wallpapers, many of them aimed at children. Once installed, Joker apps subscribe victims to unwanted, paid premium services controlled by the attackers.

Analysis of the Color Message application through the Pradeo Security engine shows that it accesses users’ contact list and exfiltrates it over the network. Simultaneously, the application automatically subscribes to unwanted paid services unbeknown to users. 

Schemes of this nature are referred to as billing fraud, further categorised as “fleeceware”, and victims are usually unaware of the infection until their mobile bill arrives.

To make it difficult to remove, the application has the capability to hide its icon once installed. In some cases, the apps also exfiltrate contact lists and device information, and perform other malicious actions such as hiding icons from the home screen, which is a function of the Color Message app, according to Pradeo researchers.

Mobile protection firm Zimperium has detected the most recent version of the malware, which takes advantage of a legitimate developer tool called Flutter to evade both device-based security and app-store protections.

Flutter is an open-source app development kit designed by Google that allows developers to craft native apps for mobile, web and desktop from a single codebase. The use of Flutter to code mobile applications is a common approach, and one that traditional scanners see as benign, according to Pradeo.

Sources: Threatpost, Oodaloop, ITSecurityWire, PCMag, Dr.Web, Pradeo
