Google has removed this week 17 Android applications from the official Play Store. The 17 apps, spotted by security researchers from Zscaler, were infected with the Joker (aka Bread) malware.
"This spyware is designed to steal SMS messages, contact lists, and device information, along with silently signing up the victim for premium wireless application protocol (WAP) services," Zscaler security researcher Viral Gandhi said this week[1].
The 17 malicious apps were uploaded on the Play Store this month and didn't get a chance to gain a following, having been downloaded more than 120,000 times before being detected.
The names of the 17 apps were:
- All Good PDF Scanner
- Mint Leaf Message-Your Private Message
- Unique Keyboard - Fancy Fonts & Free Emoticons
- Tangram App Lock
- Direct Messenger
- Private SMS
- One Sentence Translator - Multifunctional Translator
- Style Photo Collage
- Meticulous Scanner
- Desire Translate
- Talent Photo Editor - Blur focus
- Care Message
- Part Message
- Paper Doc Scanner
- Blue Scanner
- Hummingbird PDF Converter - Photo to PDF
- All Good PDF Scanner
Following its internal procedures, Google removed the apps from the Play Store, used the Play Protect service to disable the apps on infected devices, but users still need to manually intervene and remove the apps from their devices.
Joker is the Play Store's bane
But this recent takedown also marks the third such action from Google's security team against a batch of Joker-infected apps over the past few months.
Google removed six such apps[2] at the start of the month after they've been spotted and reported by security researchers from Pradeo[3].
Before that, in July, Google removed another batch of Joker-infected apps discovered by security researchers from Anquanke[4]. This batch had been active since March and had managed to infect millions of devices.