The harmful software program has been noticed in apps with over 100,000 mixed installs

Google takes delight within the safety of apps it distributes by way of the Play Retailer. Regardless of its efforts, cybersecurity researchers recurrently uncover malicious, malware-laced apps masquerading as innocent download-worthy ones on the platform. One of many extra persistent threats has been the Joker malware, a spy ware Trojan that permits unhealthy actors to take advantage of victims and set up extra harmful malware on compromised gadgets. Now that malware’s again as soon as once more, having been noticed in Play Retailer apps with over 100,000 mixed installs.

Cybersecurity analysis agency Pradeo found Joker malware in 4 apps on the Play Retailer: Good SMS Messages, Blood Stress Monitor, Voice Languages ​​Translator, and Fast Textual content SMS (through SamMobile). The group knowledgeable Google and these apps have since been axed from the Play Retailer, however with over 100,000 installs between them, numerous customers might already be in hassle. In case you downloaded one, we strongly recommend you uninstall immediately — these apps might function a backdoor for hackers to contaminate your Android gadget with different kinds of malware.


Google’s app retailer isn’t any stranger to the notorious Joker malware. First noticed piggybacking on Android apps in 2017, the Trojan is designed to stay undetected if you obtain and set up an app — one thing its small code footprint makes that a lot simpler.

Safety researchers discovered Joker malware infecting eight Play Retailer apps in June 2021 and 16 others in August (per Android Headlines). In October 2021, this malware leveraged the recognition of Netflix’s hit present Squid Recreation to contaminate an app distributing Squid Recreation-themed wallpapers, as noticed by ESET’s Lukas Stefanko — the app accrued over 5,000 downloads earlier than it was taken down. Joker malware reared its ugly head on the Play Retailer once more in November, infecting seven apps, considered one of which had 50,000+ installs. In December, this persistent piece of web junk proceeded to hijack an app with over 500,000 downloads on the time of its elimination. A Google report from January 2020 claims that over 1,700 apps have been delisted from the Play Retailer as a result of they have been contaminated with the Joker virus.

The Joker malware was initially dependable on SMS fraud, which dealt monetary blows to its victims. It has since developed into a robust instrument for hackers, which can be utilized to carry out the next actions, all with out the sufferer’s data:

  • Intercept one-time passwords and safety codes
  • Ship and browse SMS messages
  • Intercept and browse notifications
  • Take screenshots silently
  • Make calls
  • Entry contacts
  • Document gadget info

In addition to the standard guidelines of thumb for staying secure on-line, consultants at Pradeo supply a number of tips about methods to spot apps that may very well be malicious or laced with malware, like looking for builders who solely have a single app to their identify, use very generic or quick privateness insurance policies (typically hosted on Google Docs), or lack an organization web site.