Google Play Store has been a victim playground of malicious apps and this time is not different. Google has detected and removed 1,700 apps from the Play Store that were found infected with the ‘Joker’ (aka Bread) malware. Read on to know more.
Google removes 1,700 Joker-infected apps
According to an official blog post by Google, Google has been tracking the ‘Joker’ malware since 2017. Out of the 1,700 malign apps, 24 apps were found out by CSIS Security Group’s researchers. The 24 apps had around 4,72,000 downloads in September 2019.
Google’s blog post describes Joker or Bread as a “well organized, persistent attacker.” which has many techniques to follow.
Joker or Bread malware mainly conducts SMS billing frauds. However, moved away from the method after Google introduced new Play policies, which restricted the use of ‘SEND_SMS’ permission. Then it moved towards toll frauds.
For SMS frauds, the malware would force users to pay for services via SMS. As for toll frauds. The malware tricks users to make purchases by directing them to a website and further entering their mobile numbers.
It is suggested that “Both of the billing methods detailed above provide device verification, but not user verification.”
As there is no user interaction, the hackers use injected clicks, custom HTML parsers, and SMS receivers to complete the malicious billing process.
While Joker or Bread have been working to adapt the Google Play Store changes and come up with new resources, it is currently no more on the Google Play Store. Google is constantly working towards detecting malicious apps and telling users of the same.