Malicious Joker App Gets Half A Million Downloads

Joker malware has been detected on Google Play in a mobile application called Color Message. The infected app had reportedly been downloaded more than 500,000 times before its removal from the Play Store. The application appears to make connections to servers in Russia.

Users are advised to immediately delete Color Message from their devices to avoid being defrauded, researchers at Pradeo Security have warned.

Joker has been a persistent threat since 2017, hiding within legitimate-seeming, common application types such as games, messengers, photo editors, translators and wallpapers, many of them aimed at children. Once installed, Joker apps subscribe victims to unwanted, paid premium services controlled by the attackers.

Analysis of the Color Message application with the Pradeo Security engine shows that it reads the user's contact list and exfiltrates it over the network. At the same time, the application subscribes the user to unwanted paid services without their knowledge.

Schemes of this nature are referred to as billing fraud, and are further categorised as "fleeceware". Because the charges land on the phone bill rather than appearing as a store purchase, victims are usually unaware of the infection until their mobile bill arrives.

To make removal harder, the application hides its launcher icon once installed, so the user no longer sees it on the home screen; the app nevertheless remains listed under the device's installed apps in Settings, which is where it can still be found and uninstalled. According to Pradeo researchers, some Joker variants also exfiltrate device information alongside the contact list.
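A practical triage check derived from this icon-hiding behaviour, added here as an example (it is not code from the article, from Pradeo, or from any of the cited sources): an Android app cannot delete its icon from the launcher directly, so the usual trick is to disable its own launcher Activity at runtime with PackageManager.setComponentEnabledSetting(), and that state is visible in the per-user block of `adb shell dumpsys package <pkg>` under "disabledComponents:". The script below parses that output and flags third-party packages that have disabled one of their own Activities. The embedded dumpsys text and package names are constructed for the example, and the field layout is approximated, since it varies between Android versions.

```python
"""Triage check: which third-party apps have disabled their own Activities?

Icon-hiding apps disable their launcher Activity via
PackageManager.setComponentEnabledSetting(); `dumpsys package` then lists that
component under the per-user "disabledComponents:" heading.
"""
import re
import subprocess

# Constructed sample approximating the per-user state block that
# `adb shell dumpsys package` prints (field names/order vary by Android
# version). Package names are made up for this example.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.fakewallpaper] (1a2b3c):
    userId=10234
    User 0: ceDataInode=1 installed=true hidden=false suspended=false stopped=false enabled=0
      gids=[3003]
      disabledComponents:
        com.example.fakewallpaper.MainActivity
      enabledComponents:
        com.example.fakewallpaper.SyncReceiver
  Package [com.example.cleanapp] (4d5e6f):
    userId=10235
    User 0: ceDataInode=2 installed=true hidden=false suspended=false stopped=false enabled=0
      gids=[3003]
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")


def disabled_components(dumpsys_text):
    """Return {package: [component, ...]} for every package whose dumpsys
    state lists components under 'disabledComponents:'."""
    result = {}
    pkg = None
    collecting = False
    base_indent = 0
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            pkg = m.group(1)
            collecting = False
            continue
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if stripped == "disabledComponents:":
            collecting = True
            base_indent = indent
            continue
        if collecting:
            # Component lines sit deeper than the heading; anything else
            # (e.g. 'enabledComponents:') ends the list.
            if stripped and indent > base_indent and pkg is not None:
                result.setdefault(pkg, []).append(stripped)
            else:
                collecting = False
    return result


def icon_hiders(dumpsys_text):
    """Packages that have disabled at least one of their own Activities, the
    trace an icon-hiding app leaves behind. Disabled receivers/services are
    ignored. Matching on the 'Activity' name suffix is a convention-based
    heuristic (assumption), so confirm hits by inspecting the manifest."""
    return sorted(
        pkg for pkg, comps in disabled_components(dumpsys_text).items()
        if any(c.endswith("Activity") for c in comps)
    )


def scan_device():
    """Run the check over every third-party package on a connected adb device."""
    listing = subprocess.run(
        ["adb", "shell", "pm", "list", "packages", "-3"],
        capture_output=True, text=True, check=True,
    ).stdout
    flagged = []
    for line in listing.splitlines():
        if not line.startswith("package:"):
            continue
        pkg = line[len("package:"):].strip()
        dump = subprocess.run(
            ["adb", "shell", "dumpsys", "package", pkg],
            capture_output=True, text=True, check=True,
        ).stdout
        flagged.extend(icon_hiders(dump))
    return flagged


if __name__ == "__main__":
    import sys
    if "--device" in sys.argv:
        print("\n".join(scan_device()) or "no icon-hiding packages found")
    else:
        print(icon_hiders(SAMPLE_DUMPSYS))  # ['com.example.fakewallpaper']
```

Run it without arguments to see the parser work on the constructed sample, or with `--device` against a phone with USB debugging enabled. A hit is not proof of malice on its own (some legitimate apps disable alias activities to switch icons), but a recently installed wallpaper or messaging app whose only launcher Activity is disabled deserves a closer look.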

Mobile protection firm Zimperium has detected the most recent version of the malware, which takes advantage of a legitimate developer tool called Flutter to evade both device-based security and app-store protections.

Flutter is an open-source app development kit from Google that lets developers build native apps for mobile, web and desktop from a single codebase. Using Flutter to build mobile applications is a common, legitimate approach, and one that traditional scanners treat as benign, according to Pradeo. Part of the reason is that a release-mode Flutter app carries most of its logic as ahead-of-time compiled Dart inside a native library rather than as Dalvik bytecode, so signature checks tuned to DEX code have little to inspect.

Sources: Threatpost, Oodaloop, ITSecurityWire, PCMag, Dr.Web, Pradeo
