An app downloaded 500,000 times on Google Play was sending user contacts to a Russian server



A messaging app downloaded 500,000 times on Google Play turned out to contain 'Joker', malware that signs users up for high-priced subscription services and steals their contacts without their knowledge.

New Joker malware detected on Google Play, 500.000+ users affected

https://blog.pradeo.com/pradeo-identifies-app-joker-malware-google-play

Google Play app with 500,000 downloads sent user contacts to Russian server | Ars Technica
https://arstechnica.com/information-technology/2021/12/google-removes-malicious-app-that-infected-500000-google-play-users/

According to Pradeo Security, the security company that reported the problem, the messaging app 'Color Message', which is marketed as extending SMS/MMS with emoji and images while blocking spam messages, contained malware called Joker.



Joker is Android malware first discovered in Google Play apps in 2016. It not only enrolls users in high-priced service subscriptions without their knowledge, but can also steal personal information such as SMS message content and contacts. Joker makes itself difficult to detect by using as little code as possible, and it has reportedly been built into hundreds of apps over the last two years.

Google has already removed Color Message from Google Play following a report from Pradeo Security. However, the app had been downloaded more than 500,000 times before it was removed, and Pradeo Security is urging Color Message users to remove the app as soon as possible.

Analysis by Pradeo Security reveals that Color Message accesses a user's contacts and sends them out over the network, while also automatically registering for unwanted subscription services that the user is not aware of. The app is believed to connect to a Russian server, and the stolen information seems to have been sent there. It could also hide its own icon after installation, making it more difficult to delete.

In addition, the Color Message Terms of Service are published in the form of a blog post, but they do not disclose the range of actions the app can perform on the user's device. The blog post also has a comment asking 'How can I unsubscribe?', but there is no answer to it.



Google regularly scans for malware and removes apps in order to deal with harmful apps on Google Play, but the overseas news outlet Ars Technica points out that 'there are many apps that Google has missed.' Android users should be cautious about downloading apps and check user reviews for malware reports.

in Security, Posted by darkhorse_log