Malicious Apps with 300,000 installations discovered on Google Play Store


Security experts have identified three Android malware families that have infiltrated the Google Play Store and are concealing their harmful payloads inside several ostensibly innocent applications.

Users who downloaded the malicious apps experienced data theft, social media account hijacking, SMS interception, and unauthorized payments to their cell accounts.

The “Joker,” “Facestealer,” and “Coper” malware families were found in the Google Play Store by Zscaler’s ThreatLabz.

All of the applications were taken off the Play Store after the analysts alerted Google to their findings. However, anyone who still has these malicious apps installed must uninstall them and carry out a device clean-up to remove any leftovers.

The Joker

Members of the Joker malware family subscribe mobile numbers to expensive wireless application protocol (WAP) services while also stealing data from infected devices, such as SMS messages and the victim’s contact list.

According to Zscaler’s analysis, there are 50 applications trojanized with Joker that together have received over 300,000 Play Store downloads.

Almost half of them are communication applications, which naturally need users to grant access to dangerous permissions. That makes it easier for the malware to obtain the elevated capabilities its malicious operation requires.

The Joker developers currently conceal the payload as a shared asset file in base64-obfuscated form, occasionally with a JSON, TTF, PNG, or database file extension.

According to Zscaler’s research, “Many Joker applications conceal the payload in the assets folder of the Android Package Kit (APK) and construct an ARM ABI executable to escape detection by most sandboxes which are built on x86 architecture.”
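A defender-side triage check for the concealment described above, as an added example that is not from the original article or from Zscaler: it scans an APK's assets folder for files with any name whose content is base64 text that decodes to an ARM ELF executable. The function names and the sample APK are constructed for illustration, and the DEX check goes beyond what the article states.

```python
import base64
import binascii
import io
import struct
import zipfile

# Leading bytes of a genuine file for each extension the article names.
EXPECTED_MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",), ".json": (b"{", b"["),
    ".ttf": (b"\x00\x01\x00\x00", b"OTTO"), ".db": (b"SQLite format 3\x00",),
}
ARM_MACHINES = {40: "ARM", 183: "AArch64"}  # ELF e_machine values

def classify_payload(raw):
    """Label decoded bytes that are an ARM ELF or a DEX file, else None."""
    if raw[:4] == b"\x7fELF" and len(raw) >= 20:
        endian = "<" if raw[5] == 1 else ">"  # EI_DATA: 1 = little-endian
        machine = struct.unpack_from(endian + "H", raw, 18)[0]
        return "ELF/" + ARM_MACHINES[machine] if machine in ARM_MACHINES else None
    return "DEX" if raw[:4] == b"dex\n" else None

def scan_apk_assets(apk_bytes):
    """Return [(asset, finding)] for assets/ files that are base64-wrapped code."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not name.startswith("assets/") or name.endswith("/"):
                continue
            data = apk.read(name)
            magics = EXPECTED_MAGIC.get("." + name.rsplit(".", 1)[-1].lower())
            if magics and data.startswith(magics):
                continue  # content matches the claimed file type
            try:  # tolerate line-wrapped base64, reject anything else
                decoded = base64.b64decode(b"".join(data.split()), validate=True)
            except (binascii.Error, ValueError):
                continue  # not base64 text
            label = classify_payload(decoded)
            if label:
                findings.append((name, "base64-encoded " + label))
    return findings

def build_sample_apk():
    """Constructed sample: one genuine PNG asset and one disguised ELF stub."""
    elf = b"\x7fELF\x01\x01\x01" + b"\x00" * 9 + struct.pack("<HH", 3, 40)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
        z.writestr("assets/fonts/icons.ttf", base64.b64encode(elf))
    return buf.getvalue()
```

Calling `scan_apk_assets(build_sample_apk())` flags only the fake font; a hit is a reason to pull the decoded file for analysis on an ARM-capable sandbox, not a verdict on its own.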

The Facestealer

Facestealer, as its name implies, uses fake login forms overlaid on top of authentic app login forms to steal victims’ Facebook accounts.

The app allegedly requires a Facebook login to use it (Zscaler)

The researchers discovered one app, a seemingly trustworthy program called “Vanilla Snap Camera,” that had this malware family hidden in its code.

The Coper

Coper is information-stealing malware that can send malicious SMS texts, carry out overlay attacks, log text typed on the device, intercept SMS messages, and transfer data back to the attacker’s servers.

Analysts at Zscaler discovered at least one app, named “Unicc QR Scanner,” that infected 1,000 devices with Coper hidden in its code.

payload download after installation (Zscaler)

The app does not include any harmful code when it is first downloaded, but once it has been installed and activated, it downloads the malware through a phony software update.

Guidelines for safety from Malicious Apps

Install only absolutely necessary apps from the Google Play Store, check reviews before installing an app to see whether anybody has reported harmful behavior, and only trust big, well-known publishers to reduce the likelihood of getting a malicious app.

When installing an app, pay close attention to the permissions it requests and avoid granting access to hazardous ones, especially if they don’t appear to be related to the program’s primary features.

Last but not least, make sure Play Protect is turned on for your device and routinely check your network data and battery use to find any possibly suspicious applications that could be running.

Sheu Abdullateef Funsho