Four more Android applications that have been downloaded more than 100,000 times have been removed from the Google Play app store after security researchers said they were used to deliver malware to smartphones.
Users who have downloaded the apps have been warned to uninstall them immediately to avoid falling victim to fraud.
TO SEE: A winning cybersecurity strategy (ZDNet special report)
Three of the apps were published in the past month, while one was first published in November 2020 – although the researchers were unable to identify when it was modified to deliver malware.
Joker malware is designed to be discreet and difficult for app stores to detect, with developers frequently changing their methods to avoid being discovered.
The main purpose of Joker is to monetize victims who accidentally downloaded the malware and does so by committing fraud by making in-app purchases and sending text messages to paid numbers.
Two of the apps were able to bypass multi-factor authentication to ensure that in-app purchases can be made. This is done by intercepting one-time passwords by intercepting notifications, reading text messages and taking screenshots.
It is likely that users will not notice that they have been a victim of fraud until they receive their mobile phone bill, which can be weeks after infection.
While ad fraud and in-app purchases are the primary means of making money for Joker, it also offers the opportunity to install other apps on users’ devices, which could potentially be used to deliver even more dangerous malware that could be sensitive. information or spying on smartphones.
ZDNet attempted to contact Google for comment, but had not received a response at the time of publishing.