Google has removed dozens of fraudulent apps from the official Play Store that were caught distributing the Joker, Facestealer, and Coper malware families through the marketplace.

While the Android storefront is considered a trusted source for discovering and installing apps, bad actors have repeatedly found ways to slip past the security barriers Google has erected, in the hope of luring unsuspecting users into downloading malware-laced apps.

The latest findings from Zscaler ThreatLabz and Pradeo are no different. “Joker is one of the most prominent malware families targeting Android devices,” researchers Viral Gandhi and Himanshu Sharma said in a Monday report.

“Despite public awareness of this particular malware, it keeps finding its way into Google’s official app store by regularly modifying the malware’s trace signatures, including updates to the code, execution methods, and payload-retrieving techniques.”

Categorized as fleeceware, Joker (aka Bread) is designed to subscribe users to unwanted paid services or make calls to premium numbers, while also gathering SMS messages, contact lists, and device information. It was first observed in the Play Store in 2017.

A total of 53 Joker downloader apps have been identified by the two cybersecurity firms, with the applications downloaded cumulatively over 330,000 times. These apps typically pose as SMS, photo editor, blood pressure monitor, emoji keyboard, and translation apps that, in turn, request elevated permissions on the device to carry out their operations.

“Instead of waiting for apps to gain a specified volume of installs and reviews before swapping for a malware-laced version, the Joker developers have taken to hiding the malicious payload in a common asset file and packaging the application using commercial packers,” the researchers said of the new tactic the malware’s operators have adopted to evade detection.
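The tactic described above, a second-stage payload hidden inside an ordinary asset rather than shipped as `classes.dex`, is something a reviewer can check for directly by looking at what is actually inside the APK's `assets/` directory. The script below is an added example written for this page; it is not code from the Zscaler or Pradeo report and does not reproduce any real Joker sample. It opens an APK (a ZIP archive) with Python's standard `zipfile` module and flags assets that start with, or contain, DEX, ELF or ZIP magic bytes, plus opaque high-entropy blobs that are not in a known compressed format. The sample APK it builds in memory, the file names in it, and the `build_sample_apk` helper are all constructed for illustration.

```python
"""Flag assets/ entries in an APK that look like hidden executable payloads.

Added example, not from the original article or the researchers' report.
The APK scanned here is constructed in memory (see build_sample_apk); it is
not a real app and contains no working malware.
"""
import io
import math
import zipfile
from collections import Counter

# Magic bytes that a benign asset (font, image, JSON, text) should never start with
# or embed. These are the real magic values of the formats named.
SUSPICIOUS_MAGIC = {
    b"dex\n": "DEX (Dalvik bytecode)",
    b"dey\n": "ODEX (optimised Dalvik bytecode)",
    b"\x7fELF": "ELF native library",
    b"PK\x03\x04": "ZIP/JAR/APK archive",
}

# Formats that are legitimately high-entropy because they are already compressed;
# an entropy alarm on these would be noise, so only the magic check applies to them.
COMPRESSED_EXTS = (".png", ".jpg", ".jpeg", ".gif", ".webp", ".mp3", ".ogg", ".zip")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted blobs sit close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_asset(name: str, data: bytes, entropy_threshold: float = 7.5) -> list[str]:
    """Return human-readable findings for one asset; an empty list means clean."""
    findings = []
    for magic, desc in SUSPICIOUS_MAGIC.items():
        if data.startswith(magic):
            findings.append(f"starts with {desc} magic")
        else:
            off = data.find(magic, 1)  # payload appended after a real-looking header
            if off != -1:
                findings.append(f"embedded {desc} magic at offset {off}")
    ent = shannon_entropy(data)
    if (len(data) >= 1024 and ent > entropy_threshold
            and not name.lower().endswith(COMPRESSED_EXTS)):
        ext = name.rsplit(".", 1)[-1] if "." in name else "extensionless"
        findings.append(f"high entropy ({ent:.2f} bits/byte) for a {ext} file")
    return findings


def scan_apk(apk_bytes: bytes, entropy_threshold: float = 7.5) -> dict[str, list[str]]:
    """Scan every file under assets/ in an APK; map asset name -> findings."""
    findings: dict[str, list[str]] = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.startswith("assets/"):
                continue
            hits = classify_asset(info.filename, zf.read(info), entropy_threshold)
            if hits:
                findings[info.filename] = hits
    return findings


def build_sample_apk() -> bytes:
    """Constructed APK-like archive for the demo (assumption: not a real app)."""
    fake_dex = b"dex\n035\x00" + b"\x00" * 64  # DEX magic + version, then padding
    # Deterministic byte sequence that cycles through all 256 values uniformly,
    # so its entropy is exactly 8.0 bits/byte, like a packed or encrypted blob.
    packed_blob = bytes((i * 7919 + 13) % 256 for i in range(4096))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00" + b"\x00" * 32)  # binary-XML stub
        zf.writestr("classes.dex", fake_dex)                       # declared code: not an asset, ignored
        zf.writestr("assets/config.json", b'{"theme": "dark"}')   # benign asset
        zf.writestr("assets/fonts/roboto.ttf", fake_dex)          # DEX dressed up as a font
        zf.writestr("assets/splash.png",                          # DEX appended to an image header
                    b"\x89PNG\r\n\x1a\n" + b"\x00" * 100 + fake_dex)
        zf.writestr("assets/data.bin", packed_blob)               # opaque high-entropy blob
    return buf.getvalue()


if __name__ == "__main__":
    for asset, hits in scan_apk(build_sample_apk()).items():
        for hit in hits:
            print(f"[!] {asset}: {hit}")
```

The magic-byte check is cheap and precise; the entropy check is a heuristic that catches packed or encrypted blobs the magic check cannot see, at the cost of false positives on unusual but legitimate binary assets, which is why already-compressed formats are excluded from it. A hit is a reason to unpack and inspect the asset, not a verdict on its own.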