Last week, Google removed up to 17 apps from its Play Store, after they were found to be infected with malware. Zscaler security researchers discovered that all 17 apps were infected with the Joker or Bread malware
These apps had been uploaded on the Play Store this month itself, and were downloaded around 1.2 lakh times before they were detected, Zscaler said during a post. The cloud security company said that when it informed Google about the malicious apps, the tech giant promptly took them down before they may target any further users.
The statement said that the researchers at Zscaler ThreatLabZ had been constantly monitoring the Joker malware which was how they found these malicious apps that were regularly uploaded to the Google Play Store in September this year.
These 17 apps below which removed by Google,
- All Good PDF Scanner
- Mint Leaf Message-Your Private Message
- Unique Keyboard – Fancy Fonts and Free Emoticons
- Tangram App Lock
- Direct Messenger
- Private SMS
- One Sentence Translator – Multifunctional Translator
- Style Photo Collage
- Meticulous Scanner
- Desire Translate
- Talent Photo Editor – Blur focus
- Care Message
- Part Message
- Paper Doc Scanner
- Blue Scanner
- Hummingbird PDF Converter – Photo to PDF
- All Good PDF Scanner
The cloud security firm said that Joker is among the foremost prominent malware and it continually attacks Android-based devices. albeit Google is awake to the malware, it’s hard for the tech giant to guard its users from the malware since Joker keeps returning to Google Play Store by changing it’s code, payload-retrieving techniques or its execution methods.
The malware aims to steal contact lists, device information, and SMS messages from the affected phone while enrolling the affected user in premium wireless application protocol (WAP) services.
This action is that the third one taken by the tech giant over the past few months against the apps suffering from the malware. within the beginning of September, Google had removed six Joker-infected apps after security researchers from a special firm informed the tech giant about the threat.
Earlier in July also, Google had removed a batch of apps, after being alerted by a 3rd firm’s security researchers. The batch removed in July had been uploaded in March and it had infected many users before being detected.
The app sneaks around Google’s security mechanism through a way called ‘droppers’.
Malware authors copy the functionality of a legitimate application and upload it to the Google App Marketplace. Fully functional, the app asks for permissions. However, it doesn’t infect the device when run the primary time. because of the delay within the launch of the malware by hours or days, the safety scans travel by Google don’t catch the malicious code, and therefore the tech giant allows the application to appear in the Play Store.
Once the app is on the users’ devices, it eventually downloads (or drops) other components that cause the installation of the Joker malware, thus compromising the privacy and security of the users.