On October 3, Google removed as many as 34 apps, with 120,000 downloads, that were infected with malware from its marketplace between July and September. The tech giant issued an advisory to immediately delete these 34 ‘dangerous’ apps. Since February, Google has been working continuously to clean malware-targeted apps out of the Play Store to make Android safe for its customers. The company removed nearly 600 apps from its storefront, according to a release.
Earlier, in 2017, Google had identified Bread, also known as Joker, carrying out billing fraud on a massive scale by targeting SMS. In the latest campaign, the malware infected several apps that Google had to pull from the store for the safety of its customers. The malware-targeted applications have been cleaned from the Play Store over the last few months, as the threat is known to extend to Android code, which it modifies, eventually bypassing the Play Store’s security.
According to a report by security researchers at the Israeli cybersecurity firm Check Point Research, the apps infected with the malware not only breach users’ privacy but also allow other harmful malware to be downloaded to the device, posing a risk of cyber fraud. Joker is one of the most prominent malware families to have recently made it into Google’s app marketplace, with noticeable code modifications made by hackers. While the apps have been taken down, Google advised users in a statement to uninstall them manually to remove them permanently from their devices.
Avoid detection by Google
Security researchers explained in the Check Point Research report that the “malicious actor behind Joker adopted an old technique from the conventional PC threat landscape and used it in the mobile app world to avoid detection by Google.” Further, the malware targets premium subscriptions on the marketplace via a Notification Listener service and a dynamic dex file. “The latter relies on the C&C server to perform registration of the user to the services,” as per the report. “Originally, the code that was responsible for communicating with the C&C and downloading the dynamic dex file was located inside the main classes.dex file, but now the functionality of the original classes.dex file includes loading the new payload.” The malware infected at least 11 apps, and an additional 6 apps later in September, after it came onto the radar of California-based IT security company Zscaler.
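For defenders triaging an unknown app, the two traits the report names can be checked statically. The sketch below is an added example, not code from Check Point, Zscaler or Google; it assumes the manifest has already been decoded to text XML, and the function names and sample data are hypothetical. Both traits also occur in legitimate apps, so a hit means "review manually", not "malicious".

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
LISTENER_PERMISSION = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
LISTENER_ACTION = "android.service.notification.NotificationListenerService"
# Type descriptors of the platform class loaders used to load dex at runtime.
LOADER_CLASSES = (b"Ldalvik/system/DexClassLoader;",
                  b"Ldalvik/system/InMemoryDexClassLoader;")

def notification_listeners(manifest_xml):
    """Return names of services that can read the user's notifications."""
    root = ET.fromstring(manifest_xml)
    found = []
    for service in root.iter("service"):
        actions = {a.get(ANDROID_NS + "name") for a in service.iter("action")}
        if (service.get(ANDROID_NS + "permission") == LISTENER_PERMISSION
                or LISTENER_ACTION in actions):
            found.append(service.get(ANDROID_NS + "name"))
    return found

def loader_references(dex_bytes):
    """Return class-loader type descriptors present in a classes.dex blob."""
    return [c.decode() for c in LOADER_CLASSES if c in dex_bytes]

def triage(manifest_xml, dex_bytes):
    """Flag an app for manual review only when both traits are present."""
    listeners = notification_listeners(manifest_xml)
    loaders = loader_references(dex_bytes)
    return {"listeners": listeners, "loaders": loaders,
            "review": bool(listeners and loaders)}

# Constructed sample input: a decoded manifest and a stand-in for classes.dex.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.scanner">
  <application>
    <service android:name=".NotifyService"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
      <intent-filter>
        <action android:name="android.service.notification.NotificationListenerService"/>
      </intent-filter>
    </service>
    <service android:name=".SyncService"/>
  </application>
</manifest>"""
SAMPLE_DEX = b"dex\n035\x00...Ldalvik/system/DexClassLoader;...loadClass"

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST, SAMPLE_DEX))
```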
Here is the list of 34 apps:
- All Good PDF Scanner
- Mint Leaf Message-Your Private Message
- Unique Keyboard – Fancy Fonts & Free Emoticons
- Tangram App Lock
- Direct Messenger
- Private SMS
- One Sentence Translator – Multifunctional Translator
- Style Photo Collage
- Meticulous Scanner
- Desire Translate
- Talent Photo Editor – Blur focus
- Care Message
- Part Message
- Paper Doc Scanner
- Blue Scanner
- Hummingbird PDF Converter – Photo to PDF
- All Good PDF Scanner
- Push Message- Texting & SMS
- Fingertip GameBox
- com.cheery.message.sendsms (two different instances)
- Safety AppLock
- Emoji Wallpaper
- Convenient Scanner 2
- Separate Doc Scanner