Four more Android applications downloaded over 100,000 times have been removed from the Google Play app store after security researchers said they were being used to deliver malware to smartphones.
- Ransomware is the biggest global cyber threat (and the attacks are evolving)
- Hacking gets dangerously real: 8 cybersecurity predictions
- Period tracking apps are no longer safe. It’s time to delete them
- The best cybersecurity certifications: Become a security expert
- How to delete yourself from search results and hide your identity online
Users who downloaded the apps have been warned to immediately delete them to avoid falling victim to fraud.
SEE: A winning strategy for cybersecurity (ZDNet special report)
Three of the apps were published within the last month, while one was first published in November 2020 – although the researchers were unable to identify when it had been modified to deliver malware.
Joker malware is designed to be discreet and difficult to detect by app stores, with its developers regularly switching their methods to bypass being discovered.
The main goal of Joker is to make money from victims who’ve inadvertently downloaded the malware and it does this committing fraud by making in-app purchases and sending SMS messages to premium rate numbers.
Two of the apps were able to bypass multi-factor authentication to ensure that in-app purchases can be made. This is done via intercepting one-time passwords by intercepting notifications, reading SMS messages and taking screenshots.
It’s likely that users will only notice they’ve fallen victim to fraud when they receive their mobile phone bill, which could be weeks after infection.
While ad-click and in-app purchasing fraud is Joker’s main means of making money, it also comes with the ability to install other apps on users’ devices, which could potentially be used to deliver even more dangerous malware that could steal sensitive information or spy on smartphones.
Malicious apps are designed to look legitimate, but Pradeo suggests there are some tell-tale signs that can alert users that what they might be about to download could be malware. These include how the developer accounts for each app, privacy policies being short and vague, and the apps never relating to a specific company name or website.
ZDNet has attempted to contact Google for comment, but hadn’t received a response at the time of publication.
MORE ON CYBERSECURITY
- How to keep your bank details and finances more secure online
- This new Android malware bypasses multi-factor authentication to steal your passwords
- Smartphone malware is on the rise, here’s what to watch out for
- Thousands of Android users downloaded this password-stealing malware disguised as anti-virus from Google Play
- Fake versions of real smartphone apps are being used to spread malware. Here’s how to stay safe