A malicious Android app with more than 500,000 downloads from the Google Play app store has been discovered to host malware that stealthily exfiltrates users’ contact lists to an attacker-controlled server and enrolls users in unwanted premium paid subscriptions without their knowledge.
The latest Joker malware was found in a messaging-focused application called Color Message (“com.guo.smscolor.amessage”), which has since been removed from the official application market. Additionally, it has been observed simulating clicks to generate revenue from malicious ads and connecting to servers located in Russia.
Color Message “accesses the users’ contact list and filters it through the network [and] it automatically subscribes to unwanted payment services,” said mobile security firm Pradeo. “To make removal difficult, the app has the ability to hide its icon once installed.”
“We are [sic] committed to ensuring that the application is as useful and efficient as possible,” state the developers behind Color Message in their terms and conditions. “For that reason, we reserve the right to make changes to the application or to charge for its services, at any time and for any reason. We will never charge you for the application or its services without making it very clear to you exactly why you are paying.”
Since its discovery in 2017, Joker has been notorious for carrying out a variety of malicious activities, including billing fraud and the interception of SMS messages, contact details, and device information without the knowledge of users.
Malicious apps have continued to bypass Google Play protections using a barrage of evasion tactics, to the point that the Android Security and Privacy Team said that malware authors have “at some point used almost all cloaking and obfuscation techniques under the sun in an attempt to go undetected.”