Over 500,000 Android users have installed an app from the Google Play Store containing the Joker malware.

Cybersecurity experts from Pradeo discovered the malware in the ‘Color Message’ app, which prompted Google to remove it from its app marketplace. Before being taken down, the app had been downloaded and installed more than 500,000 times.

Color Message is presented as a way to personalize the default SMS app for Android users who want to customize how their messaging looks and feels. In reality, it was only a front to spread the Joker malware.

After installation, the Joker malware simulates clicks on malicious ads to generate revenue for the attacker and subscribes victims to paid premium services without their knowledge. The device's contacts are also sent to the attackers to gather information. According to the researchers, the stolen data is then sent to servers in Russia.

Some users noticed the app's unauthorized behavior, sent complaints and posted negative reviews on the Play Store listing.

While Google Play has strict protocols in place to prevent malicious apps, the hackers were able to bypass them. 

“By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect,” says Roxane Suau of Pradeo.

Android users who have Color Message on their devices are urged to uninstall the app as soon as possible.

Source: ZDNet
