App Containing Joker Malware Downloaded Half a Million Times from Google Play Store

Mobile security research firm Pradeo has discovered the infamous Joker malware in an Android app named Color Message. The app has over 500,000 downloads. The Joker malware itself is assumed to have been active for at least two years. Pradeo reports that Joker is categorized as fleeceware. Its main activity is to simulate clicks and intercept SMS messages in order to subscribe the user to unwanted premium paid services without their knowledge.

The Joker malware uses very little code and is very good at hiding, so it leaves a discreet, nearly undetectable footprint. Pradeo also reported that Joker has been found hidden in hundreds of apps. The latest app to join the list is Color Message, which was detected connecting to Russian-hosted servers.

Google has already removed the app from Google Play Store. Screenshots shared by Pradeo show that Color Message was disguised as a messaging platform that was supposed to make texting fun, easy, and aesthetically pleasant. On Google Play Store, the app's average rating was 4.1 stars, in spite of many reviewers giving Color Message a 1-star rating. Pradeo's analysis showed that the app had been accessing users' contact lists and sending them over the network without authorization. The app had also been automatically subscribing users to unwanted premium services without their knowledge. Pradeo added that the app also made itself difficult to remove.

Upon being downloaded, the app attempts to hide its icon in order to make it harder to uninstall. Earlier, many apps containing the Joker malware, each downloaded between 1,000 and 100,000 times, had to be removed from the app store. Once users uninstall the app, however, the malware is removed along with it.