Over half a million Android users have installed an app used to deliver Joker malware after downloading it from the Google Play store.
Cybersecurity researchers at Pradeo identified the malware, which Google has now removed from its official Android app marketplace. Before its removal, the app, called ‘Color Message’, was downloaded by more than 500,000 Android users.
SEE: A winning strategy for cybersecurity (ZDNet special report)
Once installed, the malware does three things: it simulates clicks in order to generate revenue from malicious ads; subscribes users to unwanted paid premium services to steal money and commit billing fraud; and accesses users’ contact lists and sends the information to attackers. Researchers suggest there’s evidence that stolen information is sent to servers hosted in Russia.
Negative reviews of the app on the Play Store suggest that some users have noticed the unauthorised behaviour, with complaints about being charged for services they didn’t request access to.
Google Play has protocols designed to stop malicious apps from