Google has removed 17 apps infected with Joker malware from its Play Store. The apps had already been downloaded around 120,000 times.
Joker malware, also known as Bread, monitors the victim's SMS messages, contact lists, and device information, and then signs the victim up for paid subscriptions automatically, without the user's consent.
Joker malware has invaded the Google Play Store several times in the past. Google has been working hard to keep the Play Store safe from such harmful malware and viruses.
The Zscaler ThreatLabZ research team published a blog post on Thursday about identifying the 17 apps on the Google Play Store.
The following are the 17 apps that were removed from the Play Store:
- All Good PDF Scanner
- Mint Leaf Message-Your Private Message
- Unique Keyboard – Fancy Fonts & Free Emoticons
- Tangram App Lock
- Direct Messenger
- Private SMS
- One Sentence Translator – Multifunctional Translator
- Style Photo Collage
- Meticulous Scanner
- Desire Translate
- Talent Photo Editor – Blur focus
- Care Message
- Part Message
- Paper Doc Scanner
- Blue Scanner
- Hummingbird PDF Converter – Photo to PDF
- All Good PDF Scanner
How does Joker malware bypass Google's security?
Joker malware keeps bypassing Google Play Store security because it keeps changing its code, execution methods, or payload-retrieving techniques to steal money and personal data.
The Zscaler ThreatLabZ research team also explained three scenarios in which Joker malware bypasses Google Play security.
- The malicious Joker apps have an obfuscated C&C URL embedded in them for direct download. Once installed, the malicious app contacts the C&C server for the download. Joker malware uses DES encryption to execute these C&C activities.
- The infected apps have a stager payload added. The stager payload retrieves the final payload URL from the code, then downloads and executes the final payload.
- The infected apps use two stager payloads to download the final payload. The infected app on the Google Play Store downloads the stage-one payload, which then downloads the stage-two payload, which finally loads the end Joker payload.
How to protect yourself from such malicious apps?
The easiest way is to check the permissions of the apps you are installing.
For example, suppose a calculator app asks for permission to access your messages and call logs. Apps that ask for such unusual permissions are the ones we should watch out for and not consider downloading.
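The permission check described above can be scripted. The following is an added example, not code from Zscaler or from this article: it parses the text printed by `aapt dump permissions <apk>` and flags permissions covering the data Joker is said to monitor when the app's category does not justify them. The category allow-list, the package name and the sample output are constructed assumptions.

```python
import re

P = "android.permission."
# Permissions covering what the article says Joker monitors (SMS, contacts,
# device information) plus the call log from the calculator illustration.
SENSITIVE = {
    P + "READ_SMS": "read SMS messages",
    P + "RECEIVE_SMS": "intercept incoming SMS",
    P + "READ_CONTACTS": "read contact list",
    P + "READ_PHONE_STATE": "read device information",
    P + "READ_CALL_LOG": "read call log",
}

# Assumption: a rough allow-list of what each app category plausibly needs.
# A category that is not listed is allowed nothing from SENSITIVE.
EXPECTED = {
    "messaging": {P + "READ_SMS", P + "RECEIVE_SMS", P + "READ_CONTACTS"},
    "calculator": set(),
    "scanner": set(),
}

# aapt prints lines such as: uses-permission: name='android.permission.INTERNET'
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*name='([^']+)'")

def parse_permissions(aapt_output):
    """Return the declared permissions in order, without duplicates."""
    perms = []
    for line in aapt_output.splitlines():
        m = PERM_RE.match(line.strip())
        if m and m.group(1) not in perms:
            perms.append(m.group(1))
    return perms

def unexpected_permissions(aapt_output, category):
    """Sensitive permissions that the stated app category does not explain."""
    allowed = EXPECTED.get(category, set())
    return [(p, SENSITIVE[p]) for p in parse_permissions(aapt_output)
            if p in SENSITIVE and p not in allowed]

# Constructed sample output for a hypothetical calculator app.
SAMPLE = """package: com.example.calculator
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission-sdk-23: name='android.permission.READ_SMS'
"""

if __name__ == "__main__":
    for perm, why in unexpected_permissions(SAMPLE, "calculator"):
        print(f"unexpected for a calculator: {perm} ({why})")
```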