Recently, Google removed 11 apps from Play Store for injecting notorious Joker malware. The search engine has been tracking these apps since 2017.
A new variant of the Joker malware present inside legitimate apps was discovered by Check Point researchers. The hackers found a way to enable users to subscribe to premium services without the latter’s knowledge. Through developing the old way of getting inside apps, the hackers could easily pass through Google Play’s protections.
The Joker malware has been detected in 11 apps on the Google Play Store. Check Point stated that these apps have been removed by Google from its App Store. It was suggested to the Android users who may have been using these apps should uninstall them immediately on the grounds of safety. The list of malware infected apps include –
- com.imagecompress.android
- com.contact.withme.texts
- com.hmvoice.friendsms
- com.relax.relaxation.androidsms
- com.cheery.message.sendsms (two different instances)
- com.peason.lovinglovemessage
- com.file.recovefiles
- com.LPlocker.lockapps
- com.remindme.alram
- com.training.memorygame
Ashish Das, Director Research at Social Media Matters also recommends to only download apps from trusted developers. He comments, “From SMS fraud to Toll/WAP billing Joker malware tricks users to subscribe to premium services without their knowledge and consent. It has notification listening through which it reads and intercepts including the SMS. Google has been tracking and removing 1700+ Apps since 2017. But it keeps on evading and adapting relying on device verification bypassing the user interaction.” He advises, “download apps only from the trusted developers, uninstall infected files and Apps, if any and keep a regular check on your mobile and card bills.”
According to CheckPoint, despite Google Play’s security features, Joker malware is still very tricky to detect. And it may very well make it back to the Play Store. Arnika Singh, Programme Manager at Social Media Matters, emphasizes on the need for creating awareness models to inform the user about the cyber security threats. She says, “The security of users is at risk in the online spaces for a long time now. The Joker malware has once again brought cyber security in discourse and it’s high time that awareness models are created to efficiently reach out to all the users to inform them of the possible threats which prevail in the cyber world.” She further adds, “the information shared on security, needs to scale up as soon as possible as the use of the internet is increasing rapidly by every passing day.”
Google released a report earlier in 2020 which stated that around 1,700 malicious “Bread” apps were detected and removed from Play Store. These Bread apps consist of the Joker malware. Rayyan Yunus, Research & Training Associate at Social Media Matters says, “The new cyber security risk known as Joker (or Bread) seems to be a matter of concern. The entire world is moving towards technology and this malware found its way to be on our phone through Google Play store protections.” He further points out, “I also know that highly fragile and important information linked to bank accounts are stored in our devices and what I learned from the reports that this malware easily hides in our devices under the disguise of a genuine application to stealthily subscribe for premium services without our knowledge.” He also adds, “Though the good news is Google Play removed these malicious apps from the play store but we must act towards strengthening online security as this type of malwares can be expected in future.”
Whereas, Google claimed that these apps were removed even before users could download it. The Joker malware has however been lurking around for a long time with Google tracking such apps since 2017. Vikram Singh who is a Web Manager at Social Media Matters says, “I appreciate the fact that Google was active on the issue of Joker Malware and took some immediate measures. When it comes to cyber security, action has to be immediate as we all know that the threat multiplies rapidly in this space. There has to be continuous dialogue and awareness for the protection of users in the online spaces.” Vishal Chauhan, Video Editor at Social Media Matters also feels it as a commendable action by the search engine. According to Vishal, “I think this is excellent work done by google to remove these apps. I urge them to work against these types of apps in future. I think it’s a good practice to improve google play protection as hackers are becoming smart.”
Pratishtha Arora, Programme Manager, Social Media Matters states “Check, confirm and download! Recently Google Play Store removed 11 apps which were injected with a malware 'Joker'. Where we are advancing with technology we also need to be aware about the malicious apps which could harm us in many ways. This has brought cyber security in discussion. While we sign up for any application we usually don't go through the terms and conditions specified. It's recommended that applications are only downloaded from trusted sources and make sure it's verified. We also need more stringent mechanisms to check on the safety of the applications.”
Aviran Hazum Manager of Mobile Research said, “Joker adapted. We found it hiding in the “essential information” file every Android application is required to have. Our latest findings indicate that Google Play Store protections are not enough. We were able to detect numerous cases of Joker uploads on a weekly basis to Google Play, all of which were downloaded by unsuspecting users.” He further added, “The Joker malware is tricky to detect, despite Google’s investment in adding Play Store protections. Although Google removed the malicious apps from the Play Store, we can fully expect Joker to adapt again. Everyone should take the time to understand what Joker is and how it hurts everyday people."