Each new day, Google removes malware-ridden apps on its Play Store. Cybersecurity firm CSIS Security Group recently revealed a new malware called Joker that has been engaging in ad fraud since June this year. The malware not only signed up users to premium subscription services but also stole their text messages, contact list and device information.
According to CSIS, the malware was found in 24 apps hosted on Google Play and has over 500, 000 downloads. Google has removed said apps from its play store.
Joker clouds the modus operandi of delivering the actual malicious payload from the C&C(command-and-control) server owned by the attacker. It generates as little footprint as it hides within advertisement frameworks used in the malware-ridden apps.
The malware silently clicks ads and seizes text messages that have the auth codes that verify payments.
If you have these apps listed below, delete them immediately:
- Advocate Wallpaper
- Certain Wallpaper
- Dazzle Wallpaper
- Spark Wallpaper
- Age Face
- Collate Face Scanner
- Rapid Face Scanner
- Leaf Face Scanner
- Print Plant scan
- Altar Message
- Climate SMS
- Ruddy SMS
- Declare Message
- Antivirus Security – Security Scan
- Beach Camera
- Cute Camera
- Display Camera
- Humour Camera
- Mini Camera
- Soby Camera
- Board picture editing
- Reward Clean
- Great VPN
- Ignite Clean
Google needs to do a better job of scrutinizing apps published on its app store plus extensively check sideloaded apps using its Play Protect feature. Hackers are now also embedding malware on preinstalled apps that come with a new device. Users are now getting sceptical of how malicious apps get past through them to be published on Google Play.