Get rid of these apps with 300k+ installs Google just kicked off Play Store for being dangerous

By Scott Marlette Last updated Jul 22, 2022

Though Google’s Play Store is supposed to be a safe source for app downloads, bad actors are getting smarter every day and finding new ways to evade measures designed to keep them out.

Cloud security company Zscaler’s research team ThreatLabz discovered numerous apps on the Play Store that were laced with Joker, Facestealer, and Coper malware families. The Google Android Security team has removed them, so if you have any of them downloaded on your Android phone, you must delete them immediately.

Joker Android apps removed from Google Play Store

Joker was first discovered in 2019 and we have seen many variants of this spyware that stealthily subscribes people to premium services and steal text messages, contact lists, and device information, among other things. It keeps finding its way to the Play Store by regularly modifying its trace signatures. Over the past two months, the following Joker apps were found on Google’s official app store.

Simple Note Scanner
Universal PDF Scanner
Private Messenger
Premium SMS
Smart Messages
Text Emoji SMS
Blood Pressure Checker
Funny Keyboard
Memory Silent Camera
Custom Themed Keyboard
Light Messages
Themes Photo Keyboard
Send SMS
Themes Chat Messenger
Instant Messenger
Cool Keyboard
Fonts Emoji Keyboard
Mini PDF Scanner
Smart SMS Messages
Creative Emoji Keyboard
Fancy SMS
Fonts Emoji Keyboard
Personal Message
Funny Emoji Message
Magic Photo Editor
Professional Messages
All Photo Translator
Chat SMS
Smile Emoji
Wow Translator
All Language Translate
Cool Messages
Blood Pressure Diary
Chat Text SMS
Hi Text SMS
Emoji Theme Keyboard
iMessager
Text SMS
Camera Translator
Come Messages
Painting Photo Editor
Rich Theme Message
Quick Talk Message
Advanced SMS
Professional Messenger
Classic Game Messenger
Style Message
Private Game Messages
Timestamp Camera
Social Message

All in all, more than 50 Joker downloader apps have been found on the Play Store by ThreatLabz till now with a combined download count of more than 300,000. They usually fall in the Communication, Health, Personalization, Photography, and Tools categories.

The mode of attack is that many apps are released together and hide within them a malicious payload. The Joker malware often hides in messaging apps that require you to grant escalated access permissions. It then uses those permission to achieve its motives. For instance, in the Enjoy SMS app, the payload is hidden in an obfuscated path.

Facestealer malware

Facestealer malware is used to steal Facebook credentials with fake login screens. One of the apps that ThreatLabz came across was cam.vanilla.snapp and it has been downloaded more than 5,000 times.

Apps like cam.vanilla.snapp try to steal your Facebook login info using a fake login page

Coper trojan

This banking trojan uses a multi-stage infection chain to compromise Android smartphones and run harmful activities. It targets banking apps in Europe, Australia, and South America. They are disguised as legitimate apps and once a user downloads them from Google’s Play Store, they unleash the malware infection capable of intercepting and sending SMS messages, keylogging, locking and unlocking screens, preventing uninstalls and allowing bad actors to take control of infected phones. This ultimately leads to the perpetrators gaining access to the information they need to rob victims of their money.

For instance, an app called Unicc QR Scanner prompts users to update the app as soon as it is installed. After that, a backdoor or malware is installed in the device to help the attacker gain full control of the phone.

Unicc QR Scanner with Coper malware on the Play Store

Such apps keep popping up on the Play Store and even Apple’s app store, so it’s best to be vigilant and only install apps that come from trusted developers and have been downloaded many times. To be on the safe side, you should also go through the reviews posted about the apps.

It’s recommended not to install messaging apps. You should also avoid granting notifications listener and escalated accessibility permissions to apps that look shady.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.