Google takes pride in the security of apps it distributes through the Play Store. Despite its efforts, cybersecurity researchers regularly uncover malicious, malware-laced apps masquerading as harmless download-worthy ones on the platform. One of the more persistent threats has been the Joker malware, a spyware Trojan that allows bad actors to exploit victims and install more dangerous malware on compromised devices. Now that malware's back once again, having been spotted in Play Store apps with over 100,000 combined installs.

Cybersecurity research firm Pradeo discovered Joker malware in four apps on the Play Store: Smart SMS Messages, Blood Pressure Monitor, Voice Languages Translator, and Quick Text SMS (via SamMobile). The team informed Google and these apps have since been axed from the Play Store, but with over 100,000 installs between them, a lot of users could already be in trouble. If you downloaded one, we strongly suggest you uninstall right away — these apps could serve as a backdoor for hackers to infect your Android device with other kinds of malware.

Google's app store is no stranger to the infamous Joker malware. First spotted piggybacking on Android apps in 2017, the Trojan is designed to remain undetected when you download and install an app — something its small code footprint makes that much easier.

Security researchers found Joker malware infecting eight Play Store apps in June 2021 and 16 others in August (per Android Headlines). In October 2021, this malware leveraged the popularity of Netflix’s hit show Squid Game to infect an app distributing Squid Game-themed wallpapers, as spotted by ESET's Lukas Stefanko — the app accrued over 5,000 downloads before it was taken down. Joker malware reared its ugly head on the Play Store again in November, infecting seven apps, one of which had 50,000+ installs. In December, this persistent piece of internet junk proceeded to hijack an app with over 500,000 downloads at the time of its removal. A Google report from January 2020 claims that over 1,700 apps were delisted from the Play Store because they were infected with the Joker malware.

The Joker malware initially relied on SMS fraud, which dealt financial blows to its victims. It has since evolved into a powerful tool that hackers can use to perform the following actions, all without the victim’s knowledge:

  • Intercept one-time passwords and security codes
  • Send and read SMS messages
  • Intercept and read notifications
  • Take screenshots silently
  • Make calls
  • Access contacts
  • Record device information

Besides the usual rules of thumb for staying safe online, experts at Pradeo offer a few tips on how to spot apps that could be malicious or laced with malware, like looking out for developers who only have a single app to their name, use very generic or short privacy policies (often hosted on Google Docs), or lack a company website.