The Joker Malware on Android
More than half a million people have downloaded a malicious Android app from the Google Play store that secretly sends users’ contact details to an attacker-controlled server and signs them up for unwanted paid premium memberships.
Color Message (com.guo.smscolor.amessage), a popular messaging app, was found to contain the newest Joker malware, which has been observed imitating user clicks and connecting to Russian servers in order to monetize these activities and gain revenue from malicious ads.
According to mobile security company Pradeo, the compromised Color Message app exfiltrates users’ contact information and automatically subscribes them to undesirable premium services. Once installed, the app can conceal its icon so that it cannot be deleted. The app has since been removed from the official app store.
Color Message’s creators declare in their terms and conditions that they are dedicated to ensuring that the software is as helpful and efficient as possible. They also declare that they are free to make adjustments or charge for the app’s services at any moment for any reason. However, they state that it is their policy never to charge users for the app or its services unless they make it crystal clear precisely what users are getting for their money.
First discovered in 2017, Joker (also known as Bread) is a notable piece of fleeceware that has been reported to perform a wide range of harmful activities, including billing fraud and the secret interception of SMS messages, contact information, and device information without the users’ knowledge.
Android’s Security and Privacy Team noted that the malware’s developers have been using a very creative set of sophisticated cloaking and obfuscation methods to go undetected and bypass Google Play protections.