{"id":41297,"date":"2020-09-03T14:26:45","date_gmt":"2020-09-03T14:26:45","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=ae1d7df57399d83bab1447f4feaaa15b"},"modified":"2020-09-03T14:26:45","modified_gmt":"2020-09-03T14:26:45","slug":"joker-fleeceware-thriving-on-google-play-store-researchers-claim","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/joker-fleeceware-thriving-on-google-play-store-researchers-claim\/","title":{"rendered":"Joker fleeceware &#8220;thriving&#8221; on Google Play Store, researchers claim"},"content":{"rendered":"<p><span class=\"field field-name-field-author field-type-node-reference field-label-hidden\"><br \/>\n      <span class=\"field-item even\"><a href=\"https:\/\/www.cloudpro.co.uk\/authors\/bobby-hellard\">Bobby Hellard<\/a><\/span><br \/>\n  <\/span><\/p>\n<div class=\"field field-name-field-published-date field-type-datetime field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\"><span class=\"date-display-single\">3 Sep, 2020<\/span><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"short-teaser\">\n<a href=\"https:\/\/www.cloudpro.co.uk\/\" title=\"\" class=\"combined-link\"><\/a><\/p>\n<div class=\"field field-name-body\">\n<p><span data-cke-copybin-start=\"1\">\u200b<\/span>Six apps have been deleted from the Google Play store after it was discovered they were infected with\u00a0malware that simulates clicks and intercepts SMS messages to commit fraud.<\/p>\n<p>Joker, also known as &#8220;Bread&#8221;, is a billing-fraud strain of <a href=\"https:\/\/www.itpro.co.uk\/malware\/28076\/what-is-malware\" >malware<\/a>\u00a0that advertises\u00a0itself as a legitimate app, according to security researchers at Pradeo.<\/p>\n<p>The six apps account for nearly 200,000 installs and, despite confirmation of their removal from Google&#8217;s Play Store, researchers have suggested they are still installed on the devices of their users.<\/p>\n<p>The researchers have urged users to immediately delete the apps: Convenient Scanner 2, Separate Doc Scanner, Safety AppLock, Push Message-Texting &amp; SMS, Emoji Wallpaper and Fingertip GameBox.<\/p>\n<p>Often described as &#8216;fleeceware&#8217;, this type of\u00a0malware is designed to simulate clicks and intercept SMS text messages to trick users into subscribing to unwanted paid premium services. These types of malware generally have a fairly\u00a0discreet footprint as they tend to use as little code as possible, making their fraudulent activity difficult to spot.<\/p>\n<p>Apps that spread\u00a0the Joker malware have continued to bypass Google security mechanisms\u00a0since 2019 as those behind its spread are constantly updating its source code.<\/p>\n<p>&#8220;Most apps embedding Joker malware are programmed to load and execute external code after being published on the store,&#8221; Pradeo researcher Roxane Suau said, speaking to <a href=\"https:\/\/threatpost.com\/joker-spyware-google-play-apps-2\/158895\/\" ><em>Threatpost<\/em><\/a>.<\/p>\n<p>&#8220;First, these apps are riddled with permission requests and submitted to Google Play by their developers. They get approved, published and installed by users. Once running on users&#8217; devices, they automatically download malicious code. Then, they leverage their numerous permissions to execute the malicious code.&#8221;<\/p>\n<p>The malware has &#8220;thrived&#8221; on <a href=\"https:\/\/www.itpro.co.uk\/mobile\/mobile-security\/354729\/google-purges-24-android-apps-that-abuse-user-data\" >Google Play in 2020<\/a>, according to the team. In January, researchers revealed that Google had removed 17,000 <a href=\"https:\/\/www.itpro.co.uk\/google-android\/34259\/android-drops-the-sugar-in-new-naming-scheme\" >Android<\/a> apps that had been conduits for the Joker malware, with 11 more removed in July. <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>      Bobby Hellard<\/p>\n<p>        3 Sep, 2020    <\/p>\n<p>      \u200bSix apps have been deleted from the Google Play store after it was discovered they were infected with\u00a0malware that simulates clicks and intercepts SMS messages to commit fraud.<br \/>\nJoker, also know&#8230;<\/p>\n","protected":false},"author":403,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-41297","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41297","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/403"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=41297"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41297\/revisions"}],"predecessor-version":[{"id":41298,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41297\/revisions\/41298"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=41297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=41297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=41297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}