Malware found in the Google Play Store has infected millions of devices


This week Google removed 17 Android applications from the official Play Store. According to Viral Gandhi, a security researcher from Zscaler, all 17 applications were infected with Joker (aka Bread). Malware on the Play Store is a common phenomenon and it is a collective duty of both Google and users to deal with them.

malware on play store

“This spyware is designed to steal SMS messages, contact lists, and device information, along with silently signing up the victim for premium wireless application protocol (WAP) services,” Zscaler security researcher Viral Gandhi said.

Google has deleted these applications from the Play Store and started the Play Protect disable service, but users still need to manually intervene to delete these applications from the device.

The names of the 17 apps are:

  • All Good PDF Scanner
  • Mint Leaf Message-Your Private Message
  • Unique Keyboard – Fancy Fonts and Free Emoticons
  • Tangram App Lock
  • Direct Messenger
  • Private SMS
  • One Sentence Translator – Multifunctional Translator
  • Style Photo Collage
  • Meticulous Scanner
  • Desire Translate
  • Talent Photo Editor – Blur focus
  • Care Message
  • Part Message
  • Paper Doc Scanner
  • Blue Scanner
  • Hummingbird PDF Converter – Photo to PDF
  • All Good PDF Scanner

(As of this writing, these apps are no longer on Play Store. However, you have a duty to uninstall them immediately if they are on your device)

Joker is the bane of the Play Store

This is the third time the Google security team has dealt with Joker-infected applications in recent months. Early last month, the Google team deleted 6 infected apps. In July, Google security researchers also discovered a batch of applications infected by Joker.

According to the investigation, this batch of virus software has been active since March and has successfully infected millions of devices.

These infected applications use a technique called “droppers”. This technology allows the infected application to bypass Google’s security defense system, go directly to the Play Store, and infect the victim’s device in multiple stages.

Read Also:  Google set to kill call recording apps on the Play Store from May 11

From Google’s point of view, this technology is very simple, but difficult to defend.

How Joker works

First, the creator of the malware will clone the legitimate application function and upload it to the Play Store. Generally, this application is fully functional and can request access, but it will not perform any malicious operations the first time it runs. Since malicious operations are often delayed for hours or days, and Google’s security scans will not detect malicious code, such applications usually appear in the Play Store.

But once the user installs it on the device, the application downloads and “drops” (hence the name droppers or loaders) other components or applications on the device that contain Joker malware or other malware.

In January of this year, Google published a blog post claiming that Joker is one of the most persistent and advanced threats they have dealt with in the past few years. Google also said that since 2017, its security team has removed more than 1,700 applications from the Play Store. In short, it is difficult to guard against Joker. However, if users can be cautious when installing applications with broad permissions, they can reduce the possibility of infection.

In addition, Bitdefender also reported a batch of malicious applications to the Google security team, some of which are still available on the Play Store. Bitdefender did not disclose the name of the applications, only the account name of the developer who uploaded the application. It also warns that anyone who has such apps should uninstall them immediately.

Source/VIA :
Previous Qualcomm Snapdragon 875 frequency clocks at 2.84GHz
Next Nokia 10 PureView Prototype Rumored To Be Under Testing

6 Comments

  1. Reinaldo Ernesto Gibert Arencibia
    November 3, 2020

    It is funny and at the same time disgusting how Google and many other companies talk about the security issues of Huawei devices and are not aware of the internal problems. They are seeing the straw in another's eye, but not the beam in their own.

  2. Thomas Moorehead
    November 3, 2020

    Google should have an option to report an app. Seems to me that none of these developers that are stealing information and trespassing are being prosecuted which means google is in on it.

  3. Reinaldo Ernesto Gibert Arencibia
    November 3, 2020

    I am Cuban and unfortunately in my country, for example, when you talk about freedom of speech, political or religious association and what they represent, human rights, then the government calls you a counterrevolutionary, of being at the service of foreign interests and of course, the United States is the closest "enemy". Personally I am not a fan of any association, be it political or religious, at the end, every good ideal when institutionalized loses its value because the Truth itself does not belong to anyone, the truth cannot and will never be governed by human, social or cultural patterns. I am stating only one fact. That Huawei, Google, Apple and the rest of the companies in the United States, China, India, Spain, etc., etc., etc. have security agreements with their respective governments is understandable, at the end, human nature itself is not reliable, only that of those who are really anchored in the Divine and not pursue any benefits for their own actions and those precisely do not work in a company or are affiliated with any institution, not even non-governmental ones.

  4. J M
    November 4, 2020

    This is due to the to the fact that any, and all abstract phenomena eventualky becomes an "ism"
    Unfortunately all "isms", whether or not in perpetuity,  are inhierently evil.
    Mainly because your excellent insight, and intellect.
    Well done my friend. I like the way you think.
    You know, I have found that the majority of people, and from every last country, are good, and kind. Regardless of what those in power try to make us believe.
    Have a nice evening,
    Jack

  5. Sales Theresa
    November 4, 2020

    Exactly they can prevent this bullshit but greed is the utmost importants to them. You don't see apple having these issues. Google keys it up and Android will become nadda.i can't stand apple but I'm not gonna buy expensive phones for Google to allow this shit to happen every other month. I'm pissed

  6. Sales Theresa
    November 4, 2020

    It's bullshit Google has the money to create securer obstacles to prevent this crap. I can see a few getting through here she there but damn look at how many every other month the numbers climb.i bet if they're forced to start replaceing some of these expensive phones were buying they'll get there shit together fast..