Google Removes 17
Apps from Play Store after Cloud Security Firm Cautions of Malware Causing WAP
Fraud
Android apps: Tech giant Google last week removed
as many as 17 apps from its Play Store, after they were found to be infected with
malware. Security researchers from Zscaler found that
the 17 apps were infected by Joker or Bread malware. These apps had been uploaded
on the Play Store this month itself, and were downloaded around 1.2 lakh times before
they were detected, Zscaler said in a post. The cloud
security company said that once it informed Google about the malicious apps, the
tech giant promptly took them down before they could target any more users.
The statement said that the researchers at Zscaler ThreatLabZ had been constantly
monitoring the Joker malware and that was how they came across these malicious apps
that were regularly uploaded to the Google Play Store in September this year.
The 17 apps removed by Google, as listed by Zscaler, are:
1.
All Good PDF Scanner
2.
Mint Leaf Message-Your
Private Message
3.
Unique Keyboard – Fancy
Fonts & Free Emoticons
4.
Tangram App Lock
5.
Direct Messenger
6.
Private SMS
7.
One Sentence Translator
– Multifunctional Translator
8.
Style Photo Collage
9.
Meticulous Scanner
10.
Desire Translate
11.
Talent Photo Editor
– Blur focus
12.
Care Message
13.
Part Message
14.
Paper Doc Scanner
15.
Blue Scanner
16.
Hummingbird PDF Converter
– Photo to PDF
17.
All Good PDF Scanner
The cloud security firm said that Joker is among the
most prominent malware and it continually attacks Android-based devices. Even though
Google is aware of the malware, it is hard for the tech giant to protect its users
from the malware since Joker keeps returning to Google Play Store by changing its
code, payload-retrieving techniques or its execution methods. The malware aims to
steal contact lists, device information and SMS messages from the affected phone
while also signing up the affected user for premium services of wireless application
protocol (WAP).
This action is the third one taken by the tech giant
over the past few months against the apps affected by the malware. In the beginning
of September, Google had removed six Joker-infected apps after security researchers
from a different firm informed the tech giant about the threat.
Earlier in July also, Google had removed a batch of
apps, after being alerted by a third firm’s security researchers. The batch removed
in July had been uploaded in March and it had infected millions of users before
being detected.
The app sneaks around Google’s security mechanism through
a technique called ‘droppers’.
The authors of the malware copy the functionality of
a legitimate app and upload it on the Google application market. Fully functional,
the app asks for permissions. However, it does not infect the device when run for
the first time. Due to the delay in the launch of the malware by hours or days,
the security scans run by Google do not catch the malicious code, and the tech giant
allows the app to be listed on the Play Store.
Once the app is on the users’ devices, it eventually
downloads (or drops) other components that lead to the installation of the Joker
malware, thus compromising the privacy and security of the users.
In January, Google had said that Joker was among the
most persistent malware threatening its users and stated that it had removed, by
then, over 1,700 apps infected by the malware.
Zscaler,
giving its word of caution, told users to keep an eye on the permissions that any
apps were seeking, and look out for suspicious permissions like SMS messages, contacts
or call logs, as it could be an indicator of a malicious app.