Malware found in the Google Play Store has infected millions of devices

This week Google removed 17 Android applications from the official Play Store. According to Viral Gandhi, a security researcher from Zscaler, all 17 applications were infected with Joker (aka Bread). Malware on the Play Store is a common phenomenon, and it is the collective duty of both Google and users to deal with it.

“This spyware is designed to steal SMS messages, contact lists, and device information, along with silently signing up the victim for premium wireless application protocol (WAP) services,” Zscaler security researcher Viral Gandhi said.

Google has deleted these applications from the Play Store and started disabling them through the Play Protect service, but users still need to manually intervene to delete these applications from their devices.

The names of the 17 apps are:

  • All Good PDF Scanner
  • Mint Leaf Message-Your Private Message
  • Unique Keyboard – Fancy Fonts and Free Emoticons
  • Tangram App Lock
  • Direct Messenger
  • Private SMS
  • One Sentence Translator – Multifunctional Translator
  • Style Photo Collage
  • Meticulous Scanner
  • Desire Translate
  • Talent Photo Editor – Blur focus
  • Care Message
  • Part Message
  • Paper Doc Scanner
  • Blue Scanner
  • Hummingbird PDF Converter – Photo to PDF
  • All Good PDF Scanner

(As of this writing, these apps are no longer on the Play Store. However, you should uninstall them immediately if they are on your device.)

Joker is the bane of the Play Store

This is the third time the Google security team has dealt with Joker-infected applications in recent months. Early last month, the Google team deleted 6 infected apps. In July, Google security researchers also discovered a batch of applications infected by Joker.

According to the investigation, this batch of malware has been active since March and has successfully infected millions of devices.

These infected applications use a technique called “droppers”. This technique allows the infected application to bypass Google’s security defenses, reach the Play Store, and infect the victim’s device in multiple stages.

From Google’s point of view, this technique is very simple but difficult to defend against.

How Joker works

First, the creator of the malware will clone the legitimate…