Google has again removed a rogue Android app containing the Joker malware. Worse, the app had been downloaded more than 500,000 times before it was kicked from the Google Play Store.
The application, called Color Message, was discovered by researchers from Pradeo Security. The app offers functions such as adding emojis and blocking spam SMS.
In its report, Pradeo Security said Color Message contained the Joker malware that had infected millions of Android devices before. This malicious malware can drain victims' pockets without their knowledge.
In the review column of the Color Message page on the Google Play Store, several users complained that their pulses were being sucked out. Not only that, Color Message also sends the victim's phone number to a server located in Russia.
"Our analysis of the Color Message application via the Pradeo Security tool shows that this application can access the user's contact list and extract it over the network," Pradeo Security said in a blog post, as quoted from Ars Technica, Friday (17/12/2021).
"At the same time, the application automatically registers for unwanted paid services without the user's knowledge. To make it difficult to remove, this application is able to hide its icon once installed," he continued.
Not only does it send the user's contacts to a foreign server and suck up the user's balance, the Color Message application also doesn't reveal the extent of the actions that can be performed on the user's device.
Joker is malware that belongs to the fleeceware category. This malware simulates clicking and intercepting incoming SMS in order to register users for premium services without their knowledge.
Joker is difficult to trace due to its very small code footprint and the techniques its developers use to hide this malware. In recent years, the Joker has been found hiding in hundreds of apps that have been downloaded millions of times.
The discovery of Pradeo Security also shows how rogue apps can still penetrate the security of the Google Play Store. While Google always scans for malware in apps and proactively removes malicious apps, there are still some that continue to escape its scrutiny.
As usual, Android users are advised to always be careful when downloading applications, even through the Google Play Store. We recommend that you only download applications from developers who are trusted and have genuine positive reviews
