Skip to main content

Joker malware on Google Play Store downloaded half a million times

Joker
(Image credit: Warner Bros)

While Google has been trying its darnedest to run a tight ship on its Play Store, nasty apps created by bad actors still manage to find their way onto the Android storefront.

The latest of these threats has been named ‘the Joker’ – after the iconic and manic Batman villain – and has been found on a total of 24 Android apps that, until recently, could be downloaded from the Google Play Store.

Before Google managed to take down the apps, they were downloaded and installed more than 472,000 times, although it’s unclear how many people remain at risk. Below is a list of the affected apps that you should uninstall immediately if you are currently using them.

  • Advocate Wallpaper
  • Age Face
  • Altar Message
  • Antivirus Security - Security Scan
  • Beach Camera
  • Board picture editing
  • Certain Wallpaper
  • Climate SMS
  • Collate Face Scanner
  • Cute Camera
  • Dazzle Wallpaper
  • Declare Message
  • Display Camera
  • Great VPN
  • Humour Camera
  • Ignite Clean
  • Leaf Face Scanner
  • Mini Camera
  • Print Plant scan
  • Rapid Face Scanner
  • Reward Clean
  • Ruddy SMS
  • Soby Camera 
  • Spark Wallpaper

Discovered by security researcher Aleksejs Kuprins, the virus is intended to leech money out of its victims by way of premium subscription services, simulating the process a user would undergo to sign up.

Specifically, the background component of these apps silently ‘clicks’ on an advertisement within the app and does the same for the sign-up process when on site. It then accesses the victims SMS messages, copying the authorization code they’ve been sent in order to verify the subscription payments.

Kuprins states that the malware has the potential to target users in 37 countries, including the US, UK, and Australia as well as other EU and Asian countries, although some of the apps didn’t have any region restrictions.

The 24 apps listed are just the ones that have been discovered so far, so more could be compromised. However, Kuprins notes that “Google has been removing all of these apps without any note from us”, so it’s not likely that future apps containing the trojan will last long under the tech giant’s watch.

If you had ever installed any of the aforementioned apps, it’s worth checking your transaction history once you’ve uninstalled them, keeping an eye out for any suspicious account activity such as unfamiliar subscription payments.