Joker is back, targeting Android users and passing Play Store security checks by hiding in apparently harmless apps. The latest app infected with Joker is called Color Message and was discovered by researchers from Pradeo Security. One detail should not be overlooked when assessing the seriousness of the incident: the app has totaled over 500,000 downloads, so it is still very popular among Android users, who should uninstall it as soon as possible.
The app was removed from the Play Store only yesterday, after the researchers published their report, but in the meantime it has reached a large number of devices. Color Message promised to improve SMS sending by adding images and emojis. In reality, the app hid Joker, which, once it settled in the smartphone, began to carry out its fraudulent activities. More specifically, the app:
- subscribes the user to paid services without their knowledge;
- hides its icon to make uninstalling more complicated;
- accesses the smartphone owner’s contact list, stealing valuable personal data;
- contacts Russian servers (where the command-and-control center used to manage the malware is likely to be located).
Joker falls into the category of malware known as Fleeceware: these apps simulate user clicks and intercept SMS in an attempt to subscribe users to unwanted premium services. Detecting Joker is complicated because it leaves only a tiny trace of its presence in the app code and because, over time, hackers have developed more sophisticated techniques to hide it. However, these difficulties do not justify failing to step up checks, not least because Joker is one of the best-known cyber threats in the Android landscape: it has existed and continued to strike for years, and there still do not seem to be valid measures to eliminate it completely.