Malicious apps have again infiltrated the Google Play Store. This time, security researchers found 52 Android apps that spread malicious malware.
Security researchers from Zscaler and ThreatLabs found apps on the Google Play Store that were infected with three types of malware, namely Joker, Facestealer and Coper. Worse, these applications have been downloaded more than 300,000 times.
Of the 52 applications, 50 of them were infected with the Joker malware. This malware first appeared on the Play Store in 2017, and its capabilities are constantly being updated in order to escape the Google review team and avoid user detection.
"Despite public awareness of this malware, Joker continues to find its way into Google's official app store by regularly modifying the malware trail, including updates to code, execution methods, and payload retrieval techniques," Zscaler and ThreatLabz said in their report. , Tuesday (26/7/2022).
Advertisement
Joker malware is classified as fleeceware that can snoop on SMS messages, contact lists, and device information and register users with premium subscription services to drain their wallets.
Of the 50 applications that were infiltrated by the Joker malware, most fell into the communication and tools category. To deceive users, it is not uncommon for these rogue applications to use icons that are made similar to popular applications such as Messenger, WhatsApp, and Google Translate.
A complete list of 50 apps that carry the Joker malware can be found on the Zscaler website at this link. Here's a list of 10 of them:
Simple Note Scanner
Universal PDF Scanner
Private Messenger
Premium SMS
Smart Messages
Text Emoji SMS
Blood Pressure Checker
Funny Keyboard
Memory Silent Camera
Custom Theme Keyboard
In addition to the 50 applications above, security researchers also found the Vanilla Camera application containing the Facestealer malware and the Unicc QR Scanner application infected with the Coper malware.
Facestealer is malware that can steal Facebook login information from victims using fake Facebook login pages. While Coper is a banking trojan that is versatile, from intercepting and sending SMS, keylogging, locking or unlocking the device screen, preventing app uninstallation, and others.
The ultimate goal of the Coper malware is to gain information and access to the victim's financial assets, and use that information to break into the victim's account.
Fortunately, currently the above 52 malicious Android apps have been removed by Google from the Play Store. But users who have already downloaded it are recommended to immediately delete it from the device.
Researchers from Zscaler and Threatlabz advise Android users to be careful when downloading messaging applications, and always make sure that the application is indeed widely used and has positive reviews.
"Even when a link comes from a trusted friend asking you to download a messaging app, consider the possibility that your friend's device may be compromised by malware and confirm with them first," the researchers said.
"Then take the time to do your own research and verify that the app has an established and secure reputation before being installed."