Hackers often use every cloaking and obfuscation technique under the sun to host fraudulent and potentially malicious apps on the Google Play Store in an attempt to steal from users or generate illicit revenue. The latest discovery of infected applications on the Google Play Store shows the store's struggle to prevent malicious activity on its platform.
Researchers at Pradeo found six apps infected with the Joker trojan (a.k.a. Bread).
- The claimed functionalities of the infected apps ranged from text messaging to emoji wallpaper. Together, the apps accounted for nearly 200,000 installs.
- During the initial upload to the Google Play Store, the apps function as genuine apps. After being published in the store, the embedded Joker malware conducts billing fraud by either sending SMS texts to premium rate numbers or exploiting the compromised account to make multiple transactions using WAP billing.
- The malicious apps are Convenient Scanner 2, Separate Doc Scanner, Push Message-Texting & SMS, Emoji Wallpaper, Safety AppLock, and Fingertip GameBox.
Joker playing its tricks
Malware such as Joker and Premium Dialer keeps finding its way into the Google Play Store through small changes to its code, which enable attackers to get past the store’s vetting processes and security barriers.
- In July 2020, a variant of the Joker spyware hoodwinked its way onto the Google Play marketplace via 11 malicious Android applications.
- In February 2020, Joker malware reappeared on the Google Play Store along with the Haken malware.
The bottom line
In general, the Google Play Store has always responded quickly whenever such malicious or infected applications are flagged by security researchers. In fact, Google removed 17,000 Joker-infested apps from the Play Store earlier this year. However, even tech giants like Google cannot block every threat with complete accuracy. Hence, experts advise users to use effective anti-malware solutions and to delete known malware apps immediately whenever they are disclosed.