• A new batch of malware-laced Android apps has been found by security researchers and subsequently booted from the Google Play Store.
  • The apps were infected by the Joker malicious bot that is able to sign people up to expensive premium subscription services.
  • The apps in question had been downloaded almost 200,000 times.

The coronavirus pandemic may have temporarily wrecked much of daily life as we know it, but some things never change. Namely, that bad actors keep working to sneak malware-laced Android apps into the Google Play Store — while stalwart researchers are continuously scouring Google’s proprietary app marketplace to find and ID those sketchy apps before they are able to wreak too much damage.

The latest batch of such apps has been discovered and summarily booted from the Play Store, thanks to the work of the security firm Pradeo. In a blog post published in recent days, the firm explained how a handful of apps which unfortunately garnered almost 200,000 downloads were basically so-called “fleeceware,” the point of which is to “simulate clicks and intercept SMS to subscribe to unwanted paid premium services unbeknownst to users.”

These apps were infected with the malicious Joker bot, which we’ve written about in the past. First identified some three years ago, “Joker” has been responsible for everything from stealing SMS messages to engaging in billing fraud and spyware. And researchers recently ID’d a completely separate group of apps lurking in the Play Store that were likewise found to be injected by “Joker” and able to sign up unsuspecting users to expensive, premium services.

“By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect,” the Pradeo blog post notes. “In the last year, the malware was found hiding in hundreds of apps.

“Today, Pradeo once again identified infected applications on Google Play … showing the store’s struggle to prevent malicious activities on its platform.” The post goes on to encourage users to “immediately delete them from their device to avoid fraudulent activities.”

These new six apps include games, wallpaper, security, and SMS services. Named in the Pradeo post, the apps included: Convenient Scanner 2, with more than 100,000 installs by itself, as well as Safety AppLock, Push Message — Texting & SMS, Emoji Wallpaper, Separate Doc Scanner, and Fingertip GameBox. It’s important to also note that while these apps have been pulled from the Play Store, they still need to be deleted from individual phones where they’ve been downloaded.

Back in July when the last batch of Joker-infected apps was found, Aviran Hazum of Check Point Research told one news outlet that the Joker malware will no doubt keep returning in various forms. “The Joker malware is tricky to detect, despite Google’s investment in adding Play Store protections,” Hazum explained. “Although Google removed the malicious apps from the Play Store, we can fully expect Joker to adapt again.”

Andy is a reporter in Memphis who also contributes to outlets like Fast Company and The Guardian. When he’s not writing about technology, he can be found hunched protectively over his burgeoning collection of vinyl, as well as nursing his Whovianism and bingeing on a variety of TV shows you probably don’t like.