Remove More of These Android Apps With Joker Malware

Cybersecurity researchers at Zscaler recently found 17 dubious apps containing the Joker malware on the Google Play store. Researchers have reported apps that are now banned and disabled by Google Play services, but you may also need to manually remove them from your devices. Here’s a complete list:

  • PDF Scanner All Good
  • Blue Scanner
  • Leaving message
  • Desire translate
  • Direct messenger
  • Hummingbird PDF Converter – Photo to PDF
  • Thorough scanner
  • Mint Leaf Message – Your private message
  • Single Sentence Translator – Multifunctional Translator
  • Paper Document Scanner
  • Part Post
  • Private SMS
  • Style Photo Collage
  • Talent Photo Editor – Blur Focus
  • Tangram App Lock
  • Unique keyboard – fancy fonts and free emojis

Fortunately, these apps haven’t been available long enough to accumulate a large number of downloads, but you’ll still want to remove them from your phone if you’re one of the few to grab them.

However, of great concern is how these applications infected devices. The popular Joker malware was used in each of the 17 applications. Joker Apps subscribe the user to premium Wireless Application Protocol (WAP) services without their knowledge, which are used to exchange data between them. Hackers use WAP services to steal your phone’s stored contact information and other sensitive data, read and copy text messages, install other malware, and more.

These applications combine permissions and malicious code to carry out these attacks, which are usually detected and blocked by Google Play services. However, joker apps hide their malicious activity and do not contain dangerous code – at least not at first.

During installation, apps are asked for excessive permissions not related to its declared functionality, but they will not do anything with the specified permissions for the first few days of the app installation. After a few days, the application downloads and installs the malware. This process is also known as a “dropper attack”.

Dropper attacks are simple, but can easily slip past Google crawls unnoticed, so users need to make sure they don’t accidentally download a sketchy app. Check the permissions in advance on the app download page on Google Play, and note what permissions the app asks for during installation and on first use. If an app wants to use a feature or access data not related to its core functionality, say no and uninstall it.

More…

Leave a Reply