Sunday, February 25, 2024

500,000+ Android Users Downloaded a New Joker Malware App from Play Store

A malicious Android app with more than 500,000 downloads from the Google Play app store has been found hosting malware that stealthily exfiltrates users’ contact lists to an attacker-controlled server and signs up users to unwanted paid premium subscriptions without their knowledge.

The latest Joker malware was found in a messaging-focused app named Color Message (“com.guo.smscolor.amessage”), which has since been removed from the official app marketplace. In addition, it has been observed simulating clicks in order to generate revenue from malicious ads and connecting to servers located in Russia.

Color Message “accesses users’ contact list and exfiltrates it over the network [and] automatically subscribes to unwanted paid services,” mobile security firm Pradeo noted. “To make it difficult to be removed, the application has the capability to hides it icon once installed.”

“We is [sic] committed to ensuring that the app is as useful and efficient as possible,” the developers behind Color Message state in their terms and conditions. “For that reason, we reserve the right to make changes to the app or to charge for its services, at any time and for any reason. We will never charge you for the app or its services without making it very clear to you exactly what you’re paying for.”

Joker, since its discovery in 2017, has been a notorious fleeceware infamous for carrying out an array of malicious activities, including billing fraud and intercepting SMS messages, contact details, and device information unbeknownst to users.

Android Malware
Rogue Apps

The rogue apps have continued to skirt Google Play protections using a barrage of evasion tactics to the point that Android’s Security and Privacy Team said the malware authors “have at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected.”

Bookmark
Close
Recommended:  Hacktivists Claim Ransomware Strike on Belarus Railway Intended to Disrupt Russian Forces
Please login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security