Google Play: New Joker Malware Detected in Android Applications

Although security experts and ourselves from our site always recommend downloading applications from official channels, the truth is that bazaars such as Google Play are not exempt from hosting malware. We have seen this on many occasions, and the last one has as its protagonist the dangerous malware “Joker” , which could have infected millions of Android phones after appearing again in the Google applications bazaar.

Google Play: New Joker Malware Detected

Downloading applications from third-party pages or repositories (no matter how well-known they may be) always carries a risk. For this reason, it is recommended to download apps from Google Play. Worse, even here, Google cannot stop the progress of increasingly sophisticated malware, such as Joker.

A very dangerous malware

Now, Google has had to remove 17 infected applications that were roaming the bazaar. Detected by Zscaler, Google has eliminated them through Play Protect, although the user must manually delete them if they have installed any of the following:

  • All Good PDF Scanner
  • Mint Leaf Message-Your Private Message
  • Unique Keyboard – Fancy Fonts and Free Emoticons
  • Tangram App Lock
  • Direct Messenger
  • Private SMS
  • One Sentence Translator – Multifunctional Translator
  • Style Photo Collage
  • Meticulous Scanner
  • Desire Translate
  • Talent Photo Editor – Blur focus
  • Care Message
  • Part Message
  • Paper Doc Scanner
  • Blue Scanner
  • Hummingbird PDF Converter – Photo to PDF
  • All Good PDF Scanner

apps peligrosas

All of them are infected with Joker, a spyware that can steal SMS messages, contact lists and device information, in addition to subscribing the victim to payment services through the WAP protocol. The alarming thing is that it is not the first time that this malware appears on Google Play, since it was previously removed from several applications, since it has been sneaking into the Google bazaar since last March with more or less license.

Why can’t Google stop it?

Malicious software manages to bypass Google’s security barrier by entering Google Play as a clone of a legitimate application . Then it requests the permissions it requires to carry out its purpose, but does not perform any malicious action when it is executed for the first time.

However, after hours or even days after the software is installed on the victim’s mobile, the app auto-downloads files known as “droppers”, that is, additional components or other applications that contain the Joker malware or other strains of the same. Google has acknowledged that Joker is one of the most persistent and advanced malware it has faced in recent years. The recommendations in this regard are the usual ones. Even downloading apps within Google Play, you must download those from reliable sources that already have certain ratings or downloads, although even then we are not 100% free to suffer the problem.