A Google Play store application named “Color Message” was being used as a disguise for Joker malware, and those who downloaded it were getting infected. Prior to its removal from the store, 500,000 people had downloaded the fraudulent app. The app itself was a ruse, making users believe they were getting a tool that would allow them to customize their text message fonts and colors. After the malware makes its way onto the device, it will perform three different actions. Those actions include click simulation on malicious ads to help the threat actor make money, paying for premium services, and sending the users’ contact information to servers which are suspected to be in Russia. Although Google Play has protocols in place that will help avoid this, threat actors were still able to get the malicious app on the store.
Analyst Notes
Although the app has been removed from the store, users who have it downloaded to their device are advised to delete it immediately. If any suspicious activity is noticed or there are unapproved charges, report it to Google immediately. This instance shows that even though parameters have been tightened and protocols have been changed, threat actors are still finding ways for apps like these to make their way onto the Google Play store.
zdnet.com/article/over-half-a-million-users-been-infected-with-joker-malware-after-downloading-this-android-app-from-google-play/?&web_view=true
