Joker Malware In This Android App On Google Play Infected 500K Users, Delete It Now

One app on the Google Play store has sent users’ contacts to a Russian server on the sly. Then, it signed them up for expensive subscriptions. That one app has already been downloaded half a million times. If you’re among those 500,000 users who downloaded the app, you’d best delete it now. The app is called Color Messages, and thankfully, Google has pulled it from the app store. Supposedly, it enhances your text messaging by adding emojis and blocking junk texts, but researchers at Pradeo Security reported it does a lot more than that.

The Color Message app carries a family of malware called Joker. In the past, millions of Android devices have fallen prey to Joker and its variants. Joker is considered a “fleeceware” form of malware, because it primarily works to simulate clicks and then intercept SMS messages. That way, it can subscribe you to premium services you don’t want or even know about.

According to Pradeo spokesperson Roxan Suau, the Color Message app “accesses users’ contact list and exfiltrates it over the network. Simultaneously, the application automatically subscribes to unwanted paid services unbeknownst to users”.

Joker has made its way into hundreds of apps, despite Google’s efforts to detect malware and remove infected apps. Part of the problem is Joker’s footprint is so small and developers use a number of techniques to hide it.

One more thing to note here is that Color Message is also known to hide its icon once the malware kicks in. To remove it, you may have to go into Settings or the Play Store. Furthermore, you should be careful about where you download apps. Try to stick with apps made by known companies, and only download them from official app stores when they provide a real benefit over the stock apps preloaded on your device.