Apps carrying Joker malware detected (and removed) Google Store

Joker Malware

In spite of the many different security measures that the Google Play Store has in place to prevent malicious and harmful apps from getting approved and uploaded to it, hackers always seem to find a way to get rogue software inside the Store and, from there, into the users’ devices. One example of a particularly persistent malware threat that has been around ever since 2017 and is still somehow managing to infiltrate the Play Store is the so-called Joker malware. This malicious piece of code is used for performing billing frauds. It operates by pretending to be a legitimate app while secretly, and without any symptoms, sending out SMS messages to numbers that bill you on a premium-rate basis. Another way the Joker malware can cause higher bills is by performing purchases from the user’s account via WAP (Wireless Application Protocol) billing which also secretly empties the victim’s pockets without their knowledge. This type of malware is very common and, over the years, it has had many different iterations. According to statistics from Google, during peak times, the number of app submissions to the Play Store that are subsequently revealed to carry the Joker malware could get as high as 20. This is more than likely one of the reasons why this particular strain of malware is still managing to infiltrate the Play Store, three years after its initial release.

Another factor that helps Joker malware find its way into the Store has to do with the way the apps that carry it are uploaded there. Reports state that, in many cases, the rogue app doesn’t initially have any malicious code in it and is, for all intents and purposes, a legitimate application that meets the security requirements of the Play Store. It is only after it gets accepted into the Store that its creators update it with, adding the malicious Joker malware code.

The six apps that currently carry the Joker malware

Even though Google has already made sure to remove the rogue apps from its Play Store, reports say that there has already been an approximate total of 200, 000 downloads (collectively) of the malicious applications. Users are, therefore, strongly advised to remove any of the following apps from their devices ASAP if they currently have them:

  • Convenient Scanner 2
  • Separate Doc Scanner
  • Safety AppLock
  • Push Message-Texting&SMS
  • Emoji Wallpaper
  • Fingertip GameBox

Out of these malicious apps, Convenient Scanner 2 alone has a download count of over 100,000, and the downloads for Separate Doc Scanner are around 50,000. Safety AppLock, Push Message-Texting&SMS, and Emoji Wallpaper all have been downloaded about 10,000 times and Fingertip GameBox has approximately 1000 downloads.

Precaution tips for future protection

One of the biggest red flags when looking through the different apps available on the Google Play Store is the big number of permissions required by a given app. If any particular application you may be interested in downloading turns out to have a long list of permissions that you are required to give it before you can start using it, it might be best to avoid said app and try to find an alternative to it. It is exactly the permissions that users give to the apps that carry the Joker malware that allow the rogue apps to exploit the infiltrated devices in the way they do. What’s even worse is that once the malicious software is on the device, finding out about its harmful activities is rather unlikely. The app that carries the malware would likely work as intended or, at least, will not trigger any suspicious symptoms that could draw your attention and potentially expose the malicious components of the app. In most cases, the apps that contain the Joker malware run their harmful processes in the background, showing no visible signs of malicious activity. This is why the best way to avoid falling victim to such malware is to be very selective about the apps you download onto your smartphone or tablet. As we said, if any particular app doesn’t seem trustworthy, it’s better to avoid it.


About the author

Brandon Skies

Brandon is a researcher and content creator in the fields of cyber-security and virtual privacy. Years of experience enable him to provide readers with important information and adequate solutions for the latest software and malware problems.

Leave a Comment