According to a report from antivirus software provider Dr. Web, a number of legitimate-looking Android apps on the Google Play Store have been found to be hiding malicious code and infecting Android devices with malware, adware, spyware and more.
The report says that the apps pretended to be legitimate services such as photo editing software, games, utilities, and photo galleries, but came with malware from the Android.Joker family embedded in them. These apps were spotted earlier in September and have since been removed from the Play Store. But what is the Joker malware capable of?
Joker is known to have the basic functionality of a Trojan, which means you could expect it to install a backdoor on your device to maintain persistence. It also steals sensitive handset and user data, along with financial information on your devices, and transfers contact list data to its command and control center.
This may come as a surprise, but Joker is also known to subscribe users to “premium mobile subscription” services by stealing verification codes from text messages without the victim’s knowledge. Dr. Web also sheds light on the “Android.Banker.352.origin” banking Trojan, which can be found within the YoBit cryptocurrency exchange app. This malware is after your credentials, 2FA (two-factor authentication) codes, and all other information needed to compromise cryptocurrency wallets owned by victims.
Another strain of the banking Trojan, called Android.Banker.347.origin, was found to be disguised as a family locator app. It used the Android Accessibility Service to steal sensitive data, but that’s not all. Dr. Web also talks about Trojan downloaders and multiple strains of spyware apps that not only steal sensitive data but also give hackers remote access.
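The following is an added example, not part of the Dr. Web report or the original article: a small Python check that flags a decoded AndroidManifest.xml requesting the capabilities described above (access to text messages, contact access combined with network access, and an accessibility or notification-listener service). The mapping from those behaviours to manifest entries and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Behaviours named in the report, mapped to the manifest entries an app would
# typically need for them (this mapping is an assumption of the example).
SMS_PERMS = {P + "READ_SMS", P + "RECEIVE_SMS"}
SERVICE_BINDINGS = {
    P + "BIND_ACCESSIBILITY_SERVICE": "accessibility service (can read on-screen data)",
    P + "BIND_NOTIFICATION_LISTENER_SERVICE": "notification listener (can read SMS previews)",
}

def audit_manifest(xml_text):
    """Return a sorted list of findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    findings = []
    if perms & SMS_PERMS:
        findings.append("reads SMS (verification codes reachable)")
    if P + "READ_CONTACTS" in perms and P + "INTERNET" in perms:
        findings.append("reads contacts and has network access")
    # Services protected by these bind permissions are started by the system
    # once the user enables them in Settings.
    for svc in root.iter("service"):
        label = SERVICE_BINDINGS.get(svc.get(ANDROID_NS + "permission"))
        if label:
            findings.append(f"declares {label}: {svc.get(ANDROID_NS + 'name')}")
    return sorted(findings)

# Constructed sample: a "photo editor" manifest, not taken from any real app.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.photoeditor">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print("FLAG:", finding)
```

A photo editor, game or gallery has no obvious need for any of these entries, so a hit is a reason to review the app, not proof that it is malicious.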
It has been reported that schemes similar to these have been around since 2016, and while it may have become difficult to fool Google Play Protect, the Trojans and spyware have affected over 800,000 Android users to date.