Search This Blog

Showing posts with label Joker. Show all posts

WAP Fraud: Google Play Store Removes Android Apps Infected With Joker Malware

Google has now eliminated 17 infected android apps from its google play store. These apps contained the "Joker" malware, according to the findings by experts Zscaler. Joker is among the most effective malware that attacks Android applications.

The malware is infamous in the cybersecurity industry, but it always finds a new way to access Google's play store applications. Joker uses new codes, execution techniques, and retrieving methods to trespass the play store. The malware is used for stealing personal chats, contact information, call logs, and device data. Joker also secretly subscribes to users for premium WAP (wireless application protocol) services.

The research team at Zscaler kept an eye on the Joker spyware and recently noticed that the malware was uploaded continuously on the Google play store. It immediately informed Google about the issue, and the latter removed the 17 WAP apps with Joker malware from Google play store.

The Joker is also known as Bread malware. These infected android apps were uploaded last month on Google play store; however, they couldn't do much damage. Until the experts found these apps, the users downloaded them 1,20,000 times.

The 17 apps found with Joker malware are:
  1. All Good PDF Scanner 
  2. Hummingbird PDF Converter - Photo to PDF 
  3. Blue Scanner 
  4. Paper Doc Scanner 
  5. Part Message 
  6. Desire Translate 
  7. Talent Photo Editor - Blur focus 
  8. Care Message 
  9. Meticulous Scanner 
  10. Style Photo Collage 
  11. One Sentence Translator - Multifunctional Translator 
  12. Private SMS 
  13. Direct Messenger 
  14. Tangram App Lock 
  15. Unique Keyboard - Fancy Fonts and Free Emoticons 
  16. Mint Leaf Message-Your Private Message 
  17. All Good PDF Scanner 
Although the play store has disabled the apps, the users who might have downloaded the apps need to uninstall them manually. The malware uses the 'dropping' technique to avoid getting caught and sneak into google play store.

"We recommend paying close attention to the permission list in the apps that you install on your Android device. Always watch out for the risky permissions related to SMS, call logs, contacts, and more. Reading the comment or reviews on the app page also helps identify compromised apps," says researchers from Zscaler.

6 Malware Apps from Playstore has been banned by Google: Uninstall them from your device ASAP

The malware Joker was yet again caught making rounds on Playstore - Cybersecurity firm Pradeo identified at least six applications on the Playstore infected with Joker and now are banned from the same.

In July, Google had banned 11 apps containing the same malware. Joker also is known as Bread has been characterized as a fleeceware. These apps' sole purpose is to charge huge subscriptions and other fees to clients for the features and services they could avail for free. These apps though tricks the user they however neither steal your data nor do they run any malicious code hence fundamentally they are not malwares. Simply termed fleecewear are malicious apps hiding in "sheep's clothing". Joker malware prompts the user into paying for certain featured via SMS and has little malicious coding and is very hidden to be detected by Playstore security checks. 

The six Joker containing apps are- 
Safety AppLock, 
Convenient Scanner 2, 
Push Message- Texting & SMS, 
Emoji Wallpaper, 
Separate Doc Scanner
 and Fingertip GameBox. 

Since these apps do not contain malicious code it's hard for security to detect them, “Many of these samples appear to be designed specifically to attempt to slip into the Play Store undetected and are not seen elsewhere,” Google wrote. 

But Google is tightening the leash for apps notorious such as these. It announced earlier this year that developers will be required to make details of subscriptions, free trials, and introductory offers more precise and clear. "Part of improving the subscription user experience comes from fostering a trustworthy platform for subscribers; making sure they feel fully informed when they purchase in-app subscriptions," Angela Ying, Google product manager wrote in a blog.