Update: The app “Int App Lock” has now been deleted from Google Play and added to global antivirus databases.
Joker is malware that silently exfiltrates data and subscribes users to unwanted premium subscriptions. In September, the malware was found in 24 apps on Google Play. Last week, Pradeo researchers identified another infected application still featured on Google Play. The app, called Int App Lock, a tool intended to lock access to some data with a PIN code, was installed on 10,000+ devices. Users are advised to immediately delete it from their devices.
Fraud and data leakage
Int App Lock hosts a malware called Joker, a malicious bot whose main activity is to simulate clicks and intercept SMS messages in order to subscribe users to paid premium services without their knowledge. By using as little code as possible and thoroughly hiding it, Joker leaves a very discreet footprint that can be tricky to detect.
In addition to that fraud program, Int App Lock also accesses the contact list and device information and exfiltrates them to 11 external servers, including some highly suspicious ones based in Turkey and Israel.
- Name: Int App Lock
- Package: com.int.app.locker
- Version: 1.0.2
- Rated 1.5/5 on Google Play
- 10,000+ installs
For more information, write to firstname.lastname@example.org.