Google removes 17 apps from Play Store after cloud security firm cautions of malware causing WAP fraud

Researchers at Zscaler ThreatLabZ had been constantly monitoring the Joker malware and that was how they came across these malicious apps.

In January, Google had said that Joker was among the most persistent malware threatening its users.
Google had last week set September 30, 2021, as the deadline for developers to comply with its existing billing policy.

Android apps: Tech giant Google last week removed as many as 17 apps from its Play Store, after they were found to be infected with malware. Security researchers from Zscaler found that the 17 apps were infected by Joker or Bread malware. These apps had been uploaded on the Play Store this month itself, and were downloaded around 1.2 lakh times before they were detected, Zscaler said in a post. The cloud security company said that once it informed Google about the malicious apps, the tech giant promptly took them down before they could target any more users.

The statement said that the researchers at Zscaler ThreatLabZ had been constantly monitoring the Joker malware and that was how they came across these malicious apps that were regularly uploaded to the Google Play Store in September this year.

The 17 apps removed by Google, as listed by Zscaler, are:

  1. All Good PDF Scanner
  2. Mint Leaf Message-Your Private Message
  3. Unique Keyboard – Fancy Fonts & Free Emoticons
  4. Tangram App Lock
  5. Direct Messenger
  6. Private SMS
  7. One Sentence Translator – Multifunctional Translator
  8. Style Photo Collage
  9. Meticulous Scanner
  10. Desire Translate
  11. Talent Photo Editor – Blur focus
  12. Care Message
  13. Part Message
  14. Paper Doc Scanner
  15. Blue Scanner
  16. Hummingbird PDF Converter – Photo to PDF
  17. All Good PDF Scanner

Google removes apps: About Joker Malware

The cloud security firm said that Joker is among the most prominent malware and it continually attacks Android-based devices. Even though Google is aware of the malware, it is hard for the tech giant to protect its users from the malware since Joker keeps returning to Google Play Store by changing its code, payload-retrieving techniques or its execution methods. The malware aims to steal contact lists, device information and SMS messages from the affected phone while also signing up the affected user for premium services of wireless application protocol (WAP).

This action is the third one taken by the tech giant over the past few months against the apps affected by the malware. In the beginning of September, Google had removed six Joker-infected apps after security researchers from a different firm informed the tech giant about the threat.

Earlier in July also, Google had removed a batch of apps, after being alerted by a third firm’s security researchers. The batch removed in July had been uploaded in March and it had infected millions of users before being detected.

The app sneaks around Google’s security mechanism through a technique called ‘droppers’.

The authors of the malware copy the functionality of a legitimate app and upload it on the Google application market. Fully functional, the app asks for permissions. However, it does not infect the device when run for the first time. Due to the delay in the launch of the malware by hours or days, the security scans run by Google do not catch the malicious code, and the tech giant allows the app to be listed on the Play Store.

Once the app is on the users’ devices, it eventually downloads (or drops) other components that lead to the installation of the Joker malware, thus compromising the privacy and security of the users.

In January, Google had said that Joker was among the most persistent malware threatening its users and stated that it had removed, by then, over 1,700 apps infected by the malware.

Zscaler, giving its word of caution, told users to keep an eye on the permissions that any apps were seeking, and look out for suspicious permissions like SMS messages, contacts or call logs, as it could be an indicator of a malicious app.

Get live Stock Prices from BSE, NSE, US Market and latest NAV, portfolio of Mutual Funds, Check out latest IPO News, Best Performing IPOs, calculate your tax by Income Tax Calculator, know market’s Top Gainers, Top Losers & Best Equity Funds. Like us on Facebook and follow us on Twitter.

Financial Express Telegram Financial Express is now on Telegram. Click here to join our channel and stay updated with the latest Biz news and updates.