Delete this new Joker malware from your Android device before you're billed for a premium service
An app containing malware has finally been removed from the Google Play Store but not before it had been installed more than 500,000 times. The app, named Color Messages, improves text messages by adding emoji to them. Pradeo Security (via ars Technica) wrote on Thursday that the app is infected with the Joker malware and appears to be connecting with Russian servers.
The Joker malware is ready to separate you from your hard-earned money
Based on Pradeo's analysis, the Color Messages app accesses users' contacts lists and also subscribes victims to unwanted premium paid services without their knowledge. That is a characteristic of Joker which is known as Fleeceware since it simulates clicks and intercepts SMS messages in order to sign users up for the aforementioned premium services. It also uses as little code as possible making Joker hard to detect.
Comment section from Color Messages
The report notes that in the last two years, Joker was discovered in hundreds of apps. As for Color Message, even though it has been removed and is no longer available from the Google Play Store, if you installed the app on your Android phone, it still could be signing you up for expensive services that you don't need or want.. So your best course of action is to remove the app from your handset ASAP.
We hate to sound like a broken record, but we've often advised you to look at the comments section of an app's listing on the App Store (for iOS apps) or the Google Play Store (for Android apps). The comments section is where you are going to find red flags and this was the case again with this app. One comment said, "They took money from my phone. I only installed this app on my phone and got a text message that I went 1 EUR over my phone limit for only downloading this stupid app. Very disappointed."
Another post on the comment section merely said, "This is a scam app. Don't install it." One comment said "Misleading ad and worst app ever." And yet another comment stated, "Deduction of sim balance without any permission and illegally." Anyone who took even a cursory glance at the comment section would have seen enough to figure out that a wide berth should have been given to this app.
And since the icon disappears and hides after the app is installed, removing it from your phone is easier said than done. Victims don't realize at first that they have been signed up for a premium service that they don't need or want, they often have to take a financial hit without a realistic chance of getting their money back.
How do these apps get past Google Play Protect?
You might wonder how these apps make it past Google Play Protect which is supposed to run a safety check on apps from the Google Play Store before they are installed on users' phones. These malicious apps are able to fool Google by delaying their true intentions. Once installed on an Android phone via an infected app, Joker subscribes you to premium WAP (wireless application protocol) services without your knowledge or consent, and steals your SMS messages, contact lists, and information about your device.
But at first, everything about the app appears copacetic allowing it to sneak past the bouncer like a, well, like the Trojan Horse from Greek mythology.
We can't stress enough that the comment section is the key to avoiding the headache that often follows the installation of a Joker-laden app. The companies that offer the premium services are not the most ethical and if you do end up having to deal with one, they will remind you of used car salesmen or interstate moving companies. Of course, this only applies to apps from developers that you've never heard of before. If you see an app developed by one of the top mobile developers, you probably don't have to worry about getting ripped off.
Things that are NOT allowed: