Joker malware identified in Google Play Store app downloaded 500,000 times

What just happened? Joker has been one of the most prevalent forms of malware to appear on the Android store, and it’s just been found hiding in another app, one that was downloaded 500,000 times. As with other Fleeceware, it signed users up to premium services without their knowledge.

Cybersecurity researchers at Pradeo regularly update an article identifying mobile applications available on the Google Play Store infected with Joker malware. The latest entry, which came yesterday, highlighted an app called Color Message.

Color Message was ostensibly an application that allowed people to personalize their default SMS messages. It was downloaded by 500,000 unsuspecting Android users who likely discovered its real purpose after it was too late.

Joker’s primary goal is to surreptitiously subscribe victims to premium services. It does this by simulating clicks and intercepting SMS messages. It can also steal SMS message content, contact lists, and device information

Pradeo writes that Joker can be difficult to detect as it uses very little code and conceals it thoroughly. The Color Message app is hard to remove as it can hide its own icon once installed.

As with many apps hiding malware, the negative user comments on the Play Store were a good indication of something being wrong. There’s also a comment on the app’s terms and conditions page from a user asking how to unsubscribe.

Google has now removed Color Message, and those who have downloaded it are advised to uninstall the application immediately.

Joker has wormed its way onto hundreds of Play Store apps over the years, the most recent example of which came in October when a fake Squid Game app downloaded thousands of times was found to contain the malware.