A Trojan virus titled “the Joker” was last week found in 24 Google Play Store apps, a report by malware analyst Aleksejs Kuprins revealed via Medium.
According to Kuprins’ research, the infected apps were installed over 400 000 times by unsuspecting Android users.
No ad to show here.
The virus “silently simulates the interaction with advertisement websites, steals the victim’s SMS messages, the contact list and device info”.
This means that the Joker signed up a number of users to subscription services advertised on the apps it had infected.
“This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code and extracting it using regular expressions,” Kuprins’ report explained.
The analyst went on to note that the Joker targeted users in 37 countries, most of which were in Europe and Asia. The targeted countries included the United States, the United Kingdom, Switzerland, Thailand and Malaysia.
The full list of infected apps, which can be found in the report, included “Antivirus Security – Security Scan”, “Great VPN”, and “Rapid Face Scanner”.
“Throughout this investigation, Google has been removing all of these apps,” the report further noted.
Details of the Joker virus emerge just weeks after popular app CamScanner was exposed for installing malware on some Android devices.
Feature image: Shereesa Moodley/Memeburn