Google has confirmed that it’s removed 17 more Android apps from its Play Store, but that doesn’t mean all smartphone users can breath a sigh of relief. The banned applications were found to be filled with the dangerous “Joker” malware, which is capable of stealing SMS messages, entire contact lists, and device information as well as silently signing-up the victim for premium wireless application protocol (WAP) services.
WAP services can leave users with a nasty bill as it’s a mechanism to buy content from sites that is then charged directly to a mobile bill.
The offending apps were discovered by the team at Zsclaer. If you have any of them (listed below) on your device you need to delete them right now.
In a post on its blog, Zsclaer’s Viral Gandhi said: “Our Zscaler ThreatLabZ research team has been constantly monitoring the Joker malware. Recently, we have seen regular uploads of it onto the Google Play store. Once notified by us, the Google Android Security team took prompt action to remove the suspicious apps from the Google Play store. This prompted us to evaluate how Joker is so successful at getting around the Google Play vetting process. We identified 17 different samples regularly uploaded to Google Play in September 2020. There were a total of around 120,000 downloads for the identified malicious apps.”
Since it was first discovered back in 2016, the so-called Joker malware has appeared in roughly 13,000 apps. Protecting against Joker can be tougher than other malware, however, checking the permissions requested by an app is a surefire way of spotting anything software that’s looking for unnecessarily broad permissions, security experts say.
If you have installed any of these apps then you should remove them from your device immediately. The new of this threat comes as Android users were recently put on high alert after a trio of apps were been discovered on the Google Play Store that could leave those who download them facing a nasty surprise.
The apps feature the ability to spam devices with unwanted adverts and even end up charging phone owners to use them.
The apps, which include a game called “Shock your friends”, were spotted by the security team at Avast. Once installed they can then begin aggressively displaying ads, or even start charge users between $2-$10.
Some of the apps were even able to hide their icons making it difficult for users to identify where the ads are being served from. “The apps we discovered are scams and violate both Google’s and Apple’s app policies by either making misleading claims around app functionalities, or serving ads outside of the app and hiding the original app icon soon after the app is installed,” said Jakub Vávra, threat analyst at Avast. “It is particularly concerning that the apps are being promoted on social media platforms popular among younger kids, who may not recognise some of the red flags surrounding the apps and therefore may fall for them.”
Published at Tue, 29 Sep 2020 06:17:00 +0000