
This messaging app with 500K+ downloads is hiding malware that steals your money

Malware has evolved over the years to make detection incredibly difficult. Part of the problem is that many malicious apps behave like legitimate ones – stealing your data while hiding in plain sight.

When security researchers or the store operators detect these apps, they are usually pulled from the respective stores quickly. Tap or click here to see if your phone could be harboring some of these apps.

But hackers don’t give up and often come up with new ways to get malicious software on as many devices as possible. Now one particularly problematic form of malware known as Joker is back, discovered hidden in an Android app downloaded over half a million times.

Here’s the backstory

First detected back in 2017, Joker malware has been a recurring threat to Android devices due to its ability to hide within popular apps – some of which have been downloaded hundreds of thousands of times. The malware can hide in fake apps or real applications that have been altered. Tap or click here to learn more about a recent discovery involving 24 apps injected with Joker malware.

Once an infected app is downloaded and installed, it asks for notification access, the Android permission that lets an app read (and dismiss) every notification on the device. When an unsuspecting user grants it, the malware can suppress the warnings and notifications that would otherwise tip the user off to its malicious behavior.

It has mostly been found in Android apps downloaded from the Google Play Store or from third-party app stores. The previously infected apps have been removed from the Play Store, but Joker has once again reared its head.

Cybersecurity company Pradeo detected Joker in an Android app called Color Message. The app supposedly allowed users to change the color of their default text messages, but it served as nothing more than a vehicle to get the malicious software onto mobile phones.

On top of the behavior seen in previous Joker infections, this version added three more actions:

  • Simulates clicks on malicious ads to generate fraudulent revenue
  • Subscribes users to premium services without their consent to steal money
  • Harvests the user's contact list and sends the data to attackers in Russia

Pradeo explained in a blog post that, before it was removed from the Google Play Store, the app had been downloaded more than 500,000 times. The app also tries to evade removal by hiding its shortcut from the home screen, so a user scrolling through installed apps may never see it.

What you can do about it

Thankfully, the app has been removed from the Google Play Store, but that doesn't mean it has been removed from third-party sites, and removal from the store does not remove it from phones that already installed it. If you downloaded the app, you must delete it from your device yourself. Here is how to find and delete apps on Android:

  • Open the Google Play Store app.
  • At the top right, tap the profile icon.
  • Tap Manage apps & devices and then Installed.
  • Go through the list of displayed applications and look for Color Message or any app that you want to get rid of.
  • Next to the app you want to remove, tap Uninstall.
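The steps above go through the Play Store's own interface, which is fine for most people. A practitioner with a USB cable can do the same audit and removal over adb, which has two advantages on an app like this one: it lists packages by name rather than by launcher icon (so an app that hides its shortcut still shows up), and it can read the system setting that records which apps hold notification access. The script below is an added example, not part of this article or of Pradeo's report. It assumes adb is installed, USB debugging is enabled on the phone, and the package to remove is passed as the first argument; the article does not give Color Message's package name, and the names in the built-in sample data (com.example.colorsms, com.example.weather) are constructed placeholders, not real package names.

```shell
#!/bin/sh
# Added example (not from the article or from Pradeo): audit an Android
# device over adb for user-installed apps that hold notification access,
# then uninstall a package by name.
# Assumptions: adb is on PATH and USB debugging is enabled. Package names
# in the sample data below are constructed placeholders.

# Constructed sample data, used when no device is attached so the script
# runs offline. Format mirrors real adb output.
SAMPLE_LISTENERS='com.android.systemui/com.android.systemui.statusbar.phone.StatusBar:com.example.colorsms/com.example.colorsms.NotifService'
SAMPLE_PKGS='package:com.example.colorsms
package:com.example.weather'

# Parse the Settings.Secure value "enabled_notification_listeners".
# Its format is "pkg/ListenerClass:pkg2/ListenerClass2" (or "null");
# print one package name per line, sorted and de-duplicated.
listener_packages() {
    printf '%s\n' "$1" | tr ':' '\n' | sed -n 's#^\([^/]*\)/.*#\1#p' | sort -u
}

# $1: output of "pm list packages -3" (third-party apps, "package:com.foo")
# $2: newline-separated package list from listener_packages
# Prints the user-installed packages that can read every notification.
third_party_listeners() {
    pkgs=$(printf '%s\n' "$1" | sed -n 's/^package://p')
    printf '%s\n' "$2" | while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        if printf '%s\n' "$pkgs" | grep -Fxq -- "$pkg"; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Uninstall by package name. This does not depend on the launcher icon,
# so it works on an app that hid its shortcut from the home screen.
remove_package() {
    adb uninstall "$1"
}

if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    # Strip the CR that adb shell adds to each line on some hosts.
    listeners=$(adb shell settings get secure enabled_notification_listeners | tr -d '\r')
    pkgs=$(adb shell pm list packages -3 | tr -d '\r')
else
    echo "No device attached; running against constructed sample data." >&2
    listeners=$SAMPLE_LISTENERS
    pkgs=$SAMPLE_PKGS
fi

echo "Third-party apps holding notification access:"
third_party_listeners "$pkgs" "$(listener_packages "$listeners")"

# Only uninstall when a package name was given on the command line.
if [ $# -ge 1 ]; then
    remove_package "$1"
fi
```

Review the printed list before uninstalling anything: legitimate apps such as smartwatch companions and some password managers also hold notification access, so presence on the list is a prompt to check the app, not proof that it is malicious. On the sample data the only third-party listener reported is com.example.colorsms.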

Here are some tips to stay safe:

  • Only download apps from the Google Play Store.
  • Never use third-party app stores, as they don’t always remove malicious applications.
  • If your phone is sluggish or overheating for no apparent reason, malware may be operating in the background. Check which apps and processes are running and stop any you don't recognize.

🚨 What it means for you

If you're an Android user who has so far avoided problems with malware-laden apps, don't become complacent. Hackers keep refining their tactics, and this is just the latest example.

✅ Protecting yourself from malicious apps has never been more important, with tens of thousands of infected Android apps detected each year. Tap or click here for tips to stay safe and avoid falling victim.

✅ While you’re at it, make sure you’re running the latest security settings introduced with Android 12. Tap or click here for new features you should know about from the Privacy Dashboard to managing what data apps can access.
