Last year, Google removed 24 apps infected with the ‘Joker’ malware from its Play Store. Before being removed, the apps had amassed over 500,000 downloads. At the time, Google did not detail what the malware did. Now, the company has opened up a bit and provided more details about it.
It claims that the ‘Joker’ malware is a harmful “large-scale billing fraud family”, which repeatedly tried to get past the company’s security defenses and charge users unethically.
The malware first appeared in 2017, when it engaged in SMS fraud. After Google restricted use of the SMS permission, it moved to toll billing fraud. In a blog post, Google claims that the Joker malware family has used every cloaking and obfuscation technique to go undetected.
Under toll billing fraud, the family made the user visit a URL to complete billing and enter their phone number. It used injected clicks, custom HTML parsers and SMS receivers to automate the billing process without the user noticing.
Google stated that these apps were uploaded as clean apps and, after being confirmed, had the malicious code added via an update. At times, 23 different apps from this malware family are uploaded to the Play Store, whereas at other times no apps are uploaded for weeks.
Google says it has detected and removed 1,700 unique apps from the malware family on its Play Store before they were downloaded by a single user.