Mischievous Joker Android Malware Sneaks Into Google Play Again, Delete These Apps Now

Android Dolls
An Android malware analyst at Kaspersky continues to expose apps in Google play that may appear legitimate at first glance, but actually have a sinister underside. Each of the nearly two dozen apps (so far) identified since late July contain a Joker trojan, which itself features a bag of devious tricks to swindle victims out of their money, spy on text messages, and more.

This has become a sort of cat-and-mouse game between the malware author(s) and Google. For over a year now, Joker has been finding its way into the Play Store as it gets upgraded with new ways of evading detection by Google's vetting process. Apps containing new variants of Joker eventually get exposed, but can rack up thousands of downloads in the meantime.

Such is the case now with a growing list of Android apps that Kaspersky's Tatyana Shishkova has been tracking and naming on Twitter.

Android Apps
Click to Enlarge (Source: Kaspersky)

The newest of the bunch include a battery charging animation app, and an app that purportedly lets Android users configure flashing light alerts when receiving a phone call or text message. Fortunately, Google banned both apps from the Play Store before they could spread to a significant amount of devices (just around a dozen between the two), but that hasn't been the case with all of them.

Here's a list of the apps Joker infested Android apps identified in the past several months, along with the number of installations each one has managed before being kicked from the Play Store...
  • Battery Charging Animation Bubble Effects: 10+
  • Flashlight Flash Alert on Call: 1+
  • Easy PDF Scanner: 10+
  • Smart TV Remote: 1,000+
  • Hall0ween Coloring: 1+
  • Classic Emoji Keyboard: 5,000+
  • Volume Booster Louder Sound Equalizer: 100+
  • Super Hero-Effect: 5,000+
  • Battery Charging Animation Battery Wallpaper: 1,000+
  • Dazzling Keyboard: 10+
  • EmojiOne Keyboard: 50,000+
  • Now QRcode Scan: 10,000+
  • Blender Photo Editor-Easy Photo Background Editor: 5,000+
  • QR Code Scanner: 0+
  • Free QR Scanner: 0+
  • Kitty LockScreen: 100+
  • Camera Translator: 1,000+
  • Free Talk Message: 10,000+
  • Import QR Scanner: 1,000+
  • Miniature Photography: 1+
  • 3D Live Wallpaper: 10,000+
  • Free OpenScan: Not mentioned
  • Highlight Photo Editor: Not mentioned
Collectively these apps account for more than 99,000 installs according to Shishkova's Twitter history. Google has banned each of the above apps from the Play Store, but if you already installed any of them you should delete them from your handset or tablet immediately.

The Joker malware is no laughing matter. It has the ability to steal text messages, contact lists, and device information. It can also secretly subscribe users to premium services, so there's a billing fraud angle to the malware as well.

In July 2020, Check Point's Aviran Hazum warned that Google's Play Store protections were not enough to stop Joker dead in its tracks, as the security outfit was detecting new uploads on a daily basis. He also warned that "we can fully expect Joker to adapt" as Google takes measures to vet apps, and that prediction has proven accurate.