What just happened? Joker is one of the most common forms of malware appearing on the Android store, and it was recently discovered in another app that has been downloaded 500,000 times. Like other fleeceware, it signs users up for premium services without their knowledge.
Cybersecurity researchers at Pradeo regularly update articles that identify mobile apps available in the Google Play store that are infected with the Joker malware. The latest post, published yesterday, highlighted an application called Color Message.
Color Message was supposedly an app that allowed people to personalize their default SMS messages. It was downloaded by 500,000 unsuspecting Android users who probably discovered its true purpose after it was too late.
Joker's main goal is to secretly sign victims up for premium services. It does this by simulating clicks and intercepting SMS messages. It can also steal SMS content, contact lists and device information.
Pradeo writes that Joker is difficult to detect because it uses very little code and hides it carefully. The Color Message app is also difficult to uninstall, as it may hide its own icon after installation.
Google removed Color Message, and those who downloaded it are advised to uninstall the app immediately.
Joker has infiltrated hundreds of Play Store apps over the years, most recently in October, when the fake Squid Game app, downloaded thousands of times, was found to contain the malware.
h/t: ZDNet