Android users are being warned about the discovery of two dozen malicious apps with spyware capabilities on Google’s official app marketplace.
Aleksejs Kuprins, a security researcher at cybersecurity threat intelligence specialists CSIS Security Group, said “Joker” spyware -- which derives its name from one of the command-and-control servers found by CSIS researchers -- has been detected in 24 apps that have collectively been installed over 472,000 times.
After infecting a device, Joker could steal SMS messages, contact information, and other sensitive data. The spyware also signed users up for premium subscriptions without their consent.
Joker "delivers a second-stage component, which silently simulates the interaction with advertisement websites, steals the victim’s SMS messages, the contact list and device info," Kuprins explained.
"The described trojan employs notably stealthy tactics to perform quite malicious activities on Google Play, while hiding within the advertisement frameworks and not exposing too much of its malicious code out in the open," he said.
Kuprins said the malware “stands out as a small and a silent one” because of the fact that it uses “as little Java code as possible and thus generates as little footprint as possible.”
Google said it pulled all 24 of the apps containing spyware from its Play Store after being notified of their presence by Kuprins and his team. Although the problematic apps have been removed, Kuprins still urges those who download apps from the Google Play store to be wary of the permissions requested by any app.
“We recommend paying close attention to the permission list in the apps that you install on your Android device,” he said. “Obviously, there usually isn’t a clear description of why a certain app needs a particular permission, which means that whenever you are downloading any app — you are still relying on your gut feeling to some extent.”