Uninstall More of These Android Apps With ‘Joker’ Malware

Cybersecurity researchers from Zscaler recently discovered 17 shady apps containing the “Joker” malware on the Google Play Store. The researchers reported the apps, which are now banned and disabled by Google Play Services, but you might also need to uninstall them from your devices manually. Here’s the full list:

• All Good PDF Scanner

• Blue Scanner

• Care Message

• Desire Translate

• Direct Messenger

• Hummingbird PDF Converter – Photo to PDF

• Meticulous Scanner

• Mint Leaf Message-Your Private Message

• One Sentence Translator – Multifunctional Translator

• Paper Doc Scanner

• Part Message

• Private SMS

• Style Photo Collage

• Talent Photo Editor – Blur focus

• Tangram App Lock

• Unique Keyboard – Fancy Fonts & Free Emoticons

Luckily, these apps were not available long enough to amass large download numbers, but you’ll still want to delete them from your phone if you’re one of the few that grabbed them, though.

The bigger concern, however, is how these apps infected devices. Each of the 17 apps used the popular “Joker” malware. Joker apps sign the user up for premium wireless application protocol (WAP) services without them knowing, which are used to trade data back and forth. Hackers use the WAP services to steal your phone’s saved contact information and other sensitive data, read and copy text messages, install other malware, and more.

These apps combine permissions and malicious code to perform these attacks, which Google Play Services would normally detect and block. Joker apps, however, hide their malicious activity and do not contain dangerous code — at least not at first.

[referenced id=”1027921″ url=”https://www.lifehacker.com.au/2020/09/how-to-avoid-malware-on-tiktok-and-instagram/” thumb=”https://www.gizmodo.com.au/wp-content/uploads/sites/4/2020/09/23/ti6ygzkyn8cmka8sruft-300×169.jpg” title=”How to Avoid Malware on TikTok and Instagram” excerpt=”TikTok’s days as a viable social media platform might be numbered, at least in the U.S. (unless something changes before Trump’s recent executive order kills it for good), but the app still works for now, and its massive user base is as active as ever. And that includes shady app…”]

The apps ask for overreaching permissions unrelated to its advertised features during installation, but they won’t do anything with said permissions for the first few days the app is installed. The app then downloads and installs the malware a few days later, a process otherwise known as a “dropper” attack.

Dropper attacks are simple, but can easily slide past Google’s scans unnoticed, so users have to make sure they’re not unwittingly downloading a sketchy app. Check permissions ahead of time on the app’s Google Play download page, and pay attention to what permissions an app asks for during installation and the first time you use it. If an app wants to use a feature or access data unrelated to its core functionality, say no and delete it.