A Google Play store application named “Color Message” was being used as a front for the Joker malware, and the users who installed it were infected. Prior to its removal from the store, 500,000 people had downloaded the fraudulent app. The app itself was a lure: it led users to believe they were getting a tool for customizing the fonts and colors of their text messages. Once the malware is on the device, it performs three actions: simulating clicks on malicious ads to generate revenue for the threat actor, billing the victim for premium services, and sending the user’s contact information to servers suspected to be located in Russia. Although Google Play has review protocols intended to keep such apps out, the threat actors were still able to get the malicious app onto the store.
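The three behaviours above (premium-service billing, contact exfiltration, simulated ad clicks) each need a recognisable set of Android permissions, which gives a defender a cheap first-pass triage check before any dynamic analysis. The following is an added example, not code from the page or from Binary Defense: it parses the `<uses-permission>` entries and permission-guarded services from an AndroidManifest.xml and flags which of the three behaviours the declared permissions would enable. The manifest, the package name and the permission-to-behaviour mapping are constructed assumptions for illustration; the permission strings themselves are standard AOSP names.

```python
"""Permission-based triage for the three Joker-style behaviours described above.

Added example (not the page's or any vendor's code). The rule table maps each
behaviour to the Android permissions that make it possible; the thresholds are
an analyst assumption meant to cut false positives, not a vendor signature.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERM_ATTR = f"{{{ANDROID_NS}}}permission"

# Constructed manifest for a hypothetical text-styling app; NOT the real app's
# manifest. The package name is a placeholder.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.colortext.placeholder">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="placeholder">
        <service android:name=".ListenerSvc"
            android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
    </application>
</manifest>
"""

# Each behaviour fires when all "requires" permissions are present and at
# least min_matches of the "any_of" permissions are present. A single
# SEND_SMS is normal for a messaging app, so billing needs two indicators
# (e.g. SEND_SMS plus a notification listener that can read confirmation codes).
BEHAVIOURS = {
    "premium-service billing": {
        "any_of": {"android.permission.SEND_SMS",
                   "android.permission.RECEIVE_SMS",
                   "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"},
        "requires": set(),
        "min_matches": 2,
    },
    "contact exfiltration": {
        "any_of": {"android.permission.READ_CONTACTS"},
        "requires": {"android.permission.INTERNET"},
        "min_matches": 1,
    },
    "simulated ad clicks": {
        "any_of": {"android.permission.BIND_ACCESSIBILITY_SERVICE",
                   "android.permission.SYSTEM_ALERT_WINDOW"},
        "requires": {"android.permission.INTERNET"},
        "min_matches": 1,
    },
}


def manifest_permissions(xml_text):
    """Collect declared permissions plus the system permissions that guard
    declared services (how notification-listener and accessibility services
    are bound), since those grant capabilities without a <uses-permission>."""
    root = ET.fromstring(xml_text)
    perms = set()
    for el in root.iter("uses-permission"):
        name = el.get(NAME_ATTR)
        if name:
            perms.add(name)
    for el in root.iter("service"):
        guard = el.get(PERM_ATTR)
        if guard:
            perms.add(guard)
    return perms


def triage(perms):
    """Return {behaviour: sorted matched permissions} for every rule that fires."""
    findings = {}
    for behaviour, rule in BEHAVIOURS.items():
        if not rule["requires"] <= perms:
            continue
        matched = sorted(rule["any_of"] & perms)
        if len(matched) >= rule["min_matches"]:
            findings[behaviour] = matched
    return findings


if __name__ == "__main__":
    for behaviour, matched in triage(manifest_permissions(SAMPLE_MANIFEST)).items():
        print(f"{behaviour}: {', '.join(matched)}")
```

On the constructed manifest the check flags premium-service billing and contact exfiltration but not simulated ad clicks, since no accessibility or overlay permission is declared; a real review would treat the output as a reason to look at the app's network and SMS activity, not as a verdict.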
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is