On August 21st, security researchers discovered a new malware dubbed “Joker” on the Google Play Store, which was designed to steal users’ SMS messages, contact lists, and device information. The malware has since infected 24 apps, which have now been removed from the store.
Joker is a Trojan which subscribes its victims to premium subscription services without their consent, hence the additional moniker “billing fraud.” Google Play Protect, Google’s built-in anti-malware program, detected and removed the infected apps, but it’s believed that Joker may have infected thousands of Android devices before the apps were taken down. It’s unclear if the malicious apps came from a single developer or bot network, but it’s thought that multiple independent groups are responsible.
This is not the first time that malware has infiltrated Google’s official app store. Earlier this year, researchers uncovered malware known as “Agent Smith”, which infected 25 million Android devices. Google has made efforts to improve its security measures to detect such malicious apps, but cybercriminals continue to find new ways to bypass detection. To stay protected, users should avoid downloading apps from unofficial sources and regularly update their devices to the latest software version.
