Researchers at Zscaler ThreatLabZ had been constantly monitoring the Joker malware and that was how they came across these malicious apps.
Android apps: Tech giant Google last week removed as many as 17 apps from its Play Store after they were found to be infected with malware. Security researchers from Zscaler found that the 17 apps were infected by the Joker, or Bread, malware. These apps had been uploaded to the Play Store this month and were downloaded around 1.2 lakh times before they were detected, Zscaler said in a post. The cloud security company said that once it informed Google about the malicious apps, the tech giant promptly took them down before they could target any more users.
The statement said that the researchers at Zscaler ThreatLabZ had been constantly monitoring the Joker malware and that was how they came across these malicious apps that were regularly uploaded to the Google Play Store in September this year.
The 17 apps removed by Google, as listed by Zscaler, are:
- All Good PDF Scanner
- Mint Leaf Message-Your Private Message
- Unique Keyboard – Fancy Fonts & Free Emoticons
- Tangram App Lock
- Direct Messenger
- Private SMS
- One Sentence Translator – Multifunctional Translator
- Style Photo Collage
- Meticulous Scanner
- Desire Translate
- Talent Photo Editor – Blur focus
- Care Message
- Part Message
- Paper Doc Scanner
- Blue Scanner
- Hummingbird PDF Converter – Photo to PDF
- All Good PDF Scanner
Google removes apps: About Joker Malware
The cloud security firm said that Joker is among the most prominent malware families and that it continually attacks Android-based devices. Even though Google is aware of the malware, it is hard for the tech giant to protect its users from it, since Joker keeps returning to the Google Play Store by changing its code, its payload-retrieving techniques or its execution methods. The malware aims to steal contact lists, device information and SMS messages from the affected phone while also signing up the affected user for premium wireless application protocol (WAP) services.
This action is the third one taken by the tech giant over the past few months against the apps affected by the malware. In the beginning of September, Google had removed six Joker-infected apps after security researchers from a different firm informed the tech giant about the threat.
Earlier, in July, Google had also removed a batch of apps after being alerted by a third firm’s security researchers. The batch removed in July had been uploaded in March and had infected millions of users before being detected.
Joker-infected apps get around Google’s security mechanism through a technique called ‘droppers’.
The authors of the malware copy the functionality of a legitimate app and upload it on the Google application market. Fully functional, the app asks for permissions. However, it does not infect the device when run for the first time. Due to the delay in the launch of the malware by hours or days, the security scans run by Google do not catch the malicious code, and the tech giant allows the app to be listed on the Play Store.
Once the app is on the users’ devices, it eventually downloads (or drops) other components that lead to the installation of the Joker malware, thus compromising the privacy and security of the users.
In January, Google had said that Joker was among the most persistent malware threatening its users and stated that it had removed, by then, over 1,700 apps infected by the malware.
Zscaler cautioned users to keep an eye on the permissions that apps request and to look out for suspicious ones, such as access to SMS messages, contacts or call logs, as these could be indicators of a malicious app.
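The permission check Zscaler recommends can be automated for a batch of apps. The sketch below is an added example, not Zscaler's or Google's tooling: it reads an `AndroidManifest.xml` that has already been decoded to text XML (inside an APK it is stored as binary XML) and reports any SMS, contacts or call-log permissions that the app's stated purpose does not justify. The `justified` parameter and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups named in the advice above, mapped to Android permission names.
SENSITIVE = {
    "sms": {"READ_SMS", "RECEIVE_SMS", "SEND_SMS", "RECEIVE_MMS", "RECEIVE_WAP_PUSH"},
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS", "GET_ACCOUNTS"},
    "call_log": {"READ_CALL_LOG", "WRITE_CALL_LOG", "PROCESS_OUTGOING_CALLS"},
}

# Constructed sample: a document scanner that also asks for SMS and contacts access.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.scanner">
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
    <application android:label="Example Scanner"/>
</manifest>
""".strip()

def requested_permissions(manifest_xml):
    """Return every permission name the manifest requests."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name.strip())
    return names

def audit(manifest_xml, justified=()):
    """Map each sensitive group to its requested permissions, skipping groups
    the reviewer marks as justified by the app's purpose (hypothetical input)."""
    findings = {}
    for perm in requested_permissions(manifest_xml):
        prefix, _, short = perm.rpartition(".")
        if prefix != "android.permission":
            continue  # custom or vendor permission, outside this check
        for group, members in SENSITIVE.items():
            if short in members and group not in justified:
                findings.setdefault(group, []).append(perm)
    return {group: sorted(perms) for group, perms in findings.items()}

if __name__ == "__main__":
    for group, perms in sorted(audit(SAMPLE_MANIFEST).items()):
        print(f"{group}: {', '.join(perms)}")
```

A finding here is a reason to look closer, not proof of infection: a messaging app legitimately needs SMS access, which is what `justified=("sms",)` expresses.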