Update September 2nd: The infected applications have now been deleted from Google Play, but are still installed on the devices of their users.
Joker is a malicious bot (categorized as Fleeceware) which main activity is to simulate clicks and intercept SMS to subscribe to unwanted paid premium services unbeknownst to users. By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect.
In the last year, the malware was found hiding in hundreds of apps. Today, Pradeo once again identified infected applications on Google Play (listed below), showing the store's struggle to prevent malicious activities on its platform. Altogether, the 6 apps account for nearly 200.000 installs. Users are advised to immediately delete them from their device to avoid fraudulent activities.
Applications details
Safety AppLock
Package: applock.safety.protect.apps
Version: 6.5
Installs: 10.000+
Convenient Scanner 2
Package: com.convenient.scanner.tb
Version: 14.0.4
Installs: 100.000+
Push Message-Texting&SMS
Package: sms.pushmessage.messaging
Version: 4.13
Installs: 10.000+
Emoji Wallpaper
Package: tw.hdwallpaperthemes.emoji.wallpaper
Version: 14.3
Installs: 10.000+
Separate Doc Scanner
Package: sk.pdf.separatedoc.scanner
Version: 2.0.74
Installs: 50.000+
Fingertip GameBox
Package: com.theone.finger.games
Version: 3.0.7
Installs: 1000+
For more information, write to roxane.suau@pradeo.com.
