
New Joker malware detected on Google Play, 500.000+ users affected

By Roxane Suau on January 20, 2022

This article is regularly updated with new mobile applications that are infected with Joker malware yet still available for download on Google Play. We always alert Google of our discoveries.


Updated on Thursday December 16th 2021

A mobile application called Color Message infected with Joker malware is currently available for download on Google Play and was installed by more than half a million users. The application appears to be making connections to Russian servers.

Joker is categorized as Fleeceware, as its main activity is to simulate clicks and intercept SMS to subscribe to unwanted paid premium services unbeknownst to users. By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect. In the last two years, the malware was found hiding in hundreds of apps.

Today, Pradeo identified another infected application on Google Play. Users are advised to immediately delete it from their device to avoid fraudulent activities.

 

Color Message
Google Play: https://play.google.com/store/apps/details?id=com.guo.smscolor.amessage
Package: com.guo.smscolor.amessage
Version: 1.3
Installs: 500.000+

 

Our analysis of the Color Message application through the Pradeo Security engine shows that it accesses users’ contact list and exfiltrates it over the network. Simultaneously, the application automatically subscribes to unwanted paid services unbeknownst to users. To make removal difficult, the application can hide its icon once installed.

The application’s very concise terms and conditions are hosted on an unbranded one-page blog and do not disclose the extent of the actions the app can perform on users’ devices. One of the victims has even tried reaching out to the application’s developer through the comment section of the legal page, while other users are complaining about the fraud directly in the comment section of the app on the store.

 


 

Previous applications


Safety AppLock
Package: applock.safety.protect.apps
Version: 6.5
Installs: 10.000+



Convenient Scanner 2
Package: com.convenient.scanner.tb
Version: 14.0.4
Installs: 100.000+



Push Message-Texting&SMS
Package: sms.pushmessage.messaging
Version: 4.13
Installs: 10.000+



Emoji Wallpaper
Package: tw.hdwallpaperthemes.emoji.wallpaper
Version: 14.3
Installs: 10.000+



Separate Doc Scanner
Package: sk.pdf.separatedoc.scanner
Version: 2.0.74
Installs: 50.000+



Fingertip GameBox
Package: com.theone.finger.games
Version: 3.0.7
Installs: 1000+
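
Because the application can hide its icon, a package inventory is a more reliable check than looking at the launcher. The following is an added example, not Pradeo's code: it matches `adb shell pm list packages` output against the package names listed in this article, and the device ids, paths and inventory lines are constructed samples.

```python
# Added example: package names are copied from this alert; all other values are constructed.
JOKER_PACKAGES = {
    "com.guo.smscolor.amessage": "Color Message",
    "applock.safety.protect.apps": "Safety AppLock",
    "com.convenient.scanner.tb": "Convenient Scanner 2",
    "sms.pushmessage.messaging": "Push Message-Texting&SMS",
    "tw.hdwallpaperthemes.emoji.wallpaper": "Emoji Wallpaper",
    "sk.pdf.separatedoc.scanner": "Separate Doc Scanner",
    "com.theone.finger.games": "Fingertip GameBox",
}

def parse_pm_list(output):
    """Package names from `pm list packages` output (plain, -f or --show-versioncode)."""
    names = set()
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue  # skip warnings, blank lines and other adb noise
        fields = line[len("package:"):].split()  # drops a " versionCode:N" suffix
        if not fields:
            continue
        # -f prints "<apk path>=<name>"; install paths can contain '=' themselves,
        # so split on the last '=' only.
        names.add(fields[0].rsplit("=", 1)[-1])
    return names

def audit(inventories):
    """Map device id -> sorted [(package, app name)], exact package-name matches only."""
    findings = {}
    for device, output in inventories.items():
        hits = sorted(JOKER_PACKAGES.keys() & parse_pm_list(output))
        if hits:
            findings[device] = [(pkg, JOKER_PACKAGES[pkg]) for pkg in hits]
    return findings

# Constructed sample inventories (hypothetical device ids, paths and version codes).
SAMPLE = {
    "device-a": "package:com.android.chrome\npackage:com.guo.smscolor.amessage\n",
    "device-b": "package:/data/app/~~Ab3d==/sk.pdf.separatedoc.scanner-Zz9==/base.apk=sk.pdf.separatedoc.scanner\n"
                "package:/system/app/Foo/Foo.apk=com.guo.smscolor.amessage.lite\n",
    "device-c": "package:com.theone.finger.games versionCode:307\npackage:com.example.notes versionCode:12\n",
}

if __name__ == "__main__":
    for device, hits in audit(SAMPLE).items():
        print(device, hits)
```

Matching is exact on the package name, so the constructed `com.guo.smscolor.amessage.lite` entry is not flagged.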



 

For more information, write to roxane.suau@pradeo.com.

 
