Joker Malware: The Joker Malware has been discovered by mobile security research firm Pradeo in an Android-based app called Color Message. The app has been downloaded over 5 lakh times. Meanwhile, the Joker Malware has been active for the past two years, at the very least. According to Pradeo, Joker Malware has been categorised as Fleeceware, with its main activity being the simulation of clicks and the interception of SMS to subscribe to premium paid services that are unwanted by the user. All of this is done by the Joker Malware without the users being aware of such actions taking place.
The malware uses as little code as possible and hides it thoroughly, leaving a very discreet footprint that can be very difficult to detect. What’s more, over the past two years, the Joker Malware was found to be hidden in hundreds of apps, Pradeo said.
Color Message, the app in which the malware has now been detected, was found to be connecting to servers hosted in Russia. While Google has now removed the app from Google Play Store, the screenshots that Pradeo shared show that the app had been disguised as a messaging platform meant to make texting fun, beautiful as well as easy. The average score of the app, moreover, was 4.1 stars despite the fact that many reviewers had left only a 1-star rating for Color Message.
The mobile security firm said that its analysis of the app showed that it was accessing users’ contact lists and moving them over the network, taking the data in an unauthorised manner. Meanwhile, the app was also automatically subscribing to unwanted paid premium services without the user knowing. Pradeo also said that the app made it difficult for users to remove it, as it had the ability to hide its icon after being installed on the device.
Previous apps that contained Joker Malware had been downloaded between 1,000 and 1 lakh times before they were removed from the app store, the firm added.
However, it does seem like once users remove the app, the malware can also be removed.