Over 500,000 Android Users Downloaded a New Joker Malware App from Play Store

Introduction

Joker is one of the most prominent malware families that continually targets Android devices. Despite awareness of this particular malware, it keeps finding its way into Google’s official application market by employing changes in its code, execution methods, or payload-retrieving techniques. This spyware is designed to steal SMS messages, contact lists, and device information along with silently signing up the victim for premium wireless application protocol (WAP) services.

It was first identified in 2017. Google Play Store has already banned the infected apps, but people who have already downloaded them can still be victims. It is therefore necessary to delete these apps from the phone as soon as possible. Joker malware keeps coming back in one form or another. It is one of the most used malware families. People all over the world have been duped through Joker malware on the pretext of moneymaking offers.

Color Message

Security experts at Pradeo have reported that Color Message has been installed on more than 500,000 Android phones. It contains a variant of Joker malware categorized as ‘Fleeceware’.
The Color Message app looks benign and offers a visually good user interface, but it is capable of making unauthorised clicks on the phone and of tracking messages in order to subscribe to premium services without the phone owner's permission.

It was found that the app connects to servers hosted in Russia. Google has now removed the app from the Google Play Store. The average score of the app was 4.1 stars, despite the fact that many reviewers had left only a 1-star rating for Color Message.

Joker Malware 

The Joker malware was specifically designed to stay under the radar of Google’s detection and verification process for apps. It goes without saying that this is extremely difficult or almost impossible on iOS devices because of their extremely high security measures and verification process.

The malware is designed to hide within basic utility or function apps and then creep into devices through the access permissions granted by the individual. It eventually captures text messages and contact lists, which provide personal information to potential wrongdoers who end up committing identity theft, fraud or other hacks and crimes.

It has also been reported that the malware can sign up the infected device for, or subscribe it to, premium services by using the saved information and by collecting the received OTPs that authenticate transactions. The charges are then billed to the user of that device without their knowledge.

What are the symptoms of infection with the ‘Joker’ malware?

Most of the time, users will notice changes in their finances, as the malware steals money from users by subscribing them to paid subscriptions without their consent. Because this malware operates in the background, however, it can do a lot of damage without the user’s knowledge. Like many other applications, it will request some permissions upon app installation. On some occasions, users may notice that their devices have slowed down a bit, which could be the case with phones that have inferior hardware. Users may also notice new apps popping up on the phone, though they will rarely appear in the app launcher; if that happens, the app will be hidden in the application list. This is not very probable, though, due to various limitations put into place.

The following are the names of the infected apps discovered on the Google Play store:

  • All Good PDF Scanner
  • Mint Leaf Message-Your Private Message
  • Unique Keyboard – Fancy Fonts & Free Emoticons
  • Tangram App Lock
  • Direct Messenger
  • Private SMS
  • One Sentence Translator – Multifunctional Translator
  • Style Photo Collage
  • Meticulous Scanner
  • Desire Translate
  • Talent Photo Editor – Blur focus
  • Care Message
  • Part Message
  • Paper Doc Scanner
  • Blue Scanner
  • Hummingbird PDF Converter – Photo to PDF
  • Powerful Cleaner

While the apps are constantly being removed and the bugs that allow the malware to exist are addressed through security fixes and updates, there is a large majority of people who are unaware of the potentially dangerous nature of these apps and hence never delete them, install an antivirus, or even update their phone after the release of security updates. These people will be the most vulnerable group, as they will never realize the problem until they actually suffer the consequences.

What Can You Do To Stay Safe?

  1. Update Android devices with the latest security updates as soon as they are released by Google.
  2. When downloading utility apps, always look further into the developer and app details to find any red flags, such as the origin, other apps the developer has created, the rating of the app on the store, and responses to the reviews. An app with an unusually low review-to-download ratio, or a developer who has never been heard of, should raise red flags before downloading any application.
  3. Basic functionality apps like PDF viewers, converters and scanners are often already present on the smartphone, so one doesn’t always need to download them on a new device.
  4. Never download an application from an unknown source or from outside the Google Play Store, as these apps are not vetted and don’t follow the Google Play Store policies, which is harmful for the device.
  5. In the latest versions of Android, one can disallow access to various data points on a device, such as access to text messages or the contact list.
  6. Never download free anti-virus software, as it increases bloatware and can often cause more harm than benefit. Look for affordable antivirus solutions, which are often bundled with VPNs at affordable prices.
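
As a way to act on step 5, the following added example (not part of the original article) lists which apps currently hold SMS or contact permissions, so that any that have no reason for them can be revoked or uninstalled. It assumes the input text follows the `Package [...]` and `granted=true` line format printed by `adb shell dumpsys package`; the package names and the sample text are constructed for illustration.

```python
import re

# Permissions tied to the behaviour described above: SMS and contact access.
SENSITIVE = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
}

PKG_RE = re.compile(r"^\s*Package \[([\w.]+)\]")
PERM_RE = re.compile(r"^\s*(android\.permission\.[A-Z_]+): granted=(true|false)")


def audit(dump_text, allowlist=()):
    """Map each non-allowlisted package to its granted sensitive permissions."""
    findings = {}
    current = None
    for line in dump_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            current = pkg.group(1)  # permission lines below belong to this package
            continue
        perm = PERM_RE.match(line)
        if not (perm and current) or current in allowlist:
            continue
        name, granted = perm.groups()
        if granted == "true" and name in SENSITIVE:
            findings.setdefault(current, set()).add(name)
    return {p: sorted(perms) for p, perms in findings.items()}


# Constructed sample (hypothetical package names), not output from a real device.
SAMPLE = """\
Package [com.example.pdfscanner] (1a2b3c):
  runtime permissions:
    android.permission.CAMERA: granted=true, flags=[ USER_SET ]
    android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
    android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
Package [com.example.notes] (4d5e6f):
  runtime permissions:
    android.permission.READ_CONTACTS: granted=false, flags=[ USER_SET ]
Package [com.example.defaultsms] (778899):
  runtime permissions:
    android.permission.READ_SMS: granted=true
    android.permission.SEND_SMS: granted=true
"""

if __name__ == "__main__":
    # The allowlist holds apps expected to read SMS, e.g. the default messaging app.
    for pkg, perms in audit(SAMPLE, allowlist={"com.example.defaultsms"}).items():
        print(pkg, "->", ", ".join(perms))
```

A scanner app that holds SMS and contact permissions, as in the sample, is the kind of mismatch between an app's stated purpose and its access that step 2 describes as a red flag.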