Malware Found in Google Play Store Affected Millions of Devices

Google has removed 17 apps from the Play Store after they were found to be infected with the Joker (also known as Bread) malware. The cloud security company Zscaler apparently found the malicious apps and immediately reported them to Google. However, reports show that the infected apps had been downloaded around 1.2 lakh times by that time, and millions of users are possibly affected by them.

According to Viral Gandhi, a security researcher at Zscaler, these apps were infected with the Joker (aka Bread) malware, which aims to steal user information and register users for WAP services at the same time.

He said:

This spyware is designed to steal text messages, contact lists, and device information. At the same time, it is quietly registering victims for advanced wireless application protocol (WAP) services.

So what are these WAP services? WAP, or Wireless Application Protocol, is an application environment and set of communication protocols for wireless devices, designed to enable manufacturer-, vendor-, and technology-independent access to the internet and advanced telephony services. By registering for this service, user information becomes freer to access.

After getting the reports from Zscaler, Google deleted these apps from its official Play Store. In order to stop this kind of malware, the tech giant also introduced the Play Protect disable service. However, users still need to intervene to delete these applications from the device manually.

How does Joker affect Google?

Joker aka Bread is known for conducting billing frauds by intercepting SMS to subscribe to unwanted paid services. It disguises itself as legitimate apps and makes purchases using WAP billing on behalf of users without them knowing about it. This is the third time the Google security team has recently dealt with Joker-infected applications.

Joker has become a persistent irritation that the tech giant can't seem to get rid of. Previously, Google deleted 6 infected apps, and in July, Google security researchers also found a batch of applications infected by Joker. As per the reports, this batch of the virus has been active since March and has successfully infected millions of devices.

According to Google, these infected applications use a technique called ‘droppers’, which is very simple but difficult to defend against. This technique allows the infected application to bypass Google’s security defense system, go directly to the Play Store, and finally infect the user’s device in multiple stages.

Infecting a device takes several steps. First, the creator of the malware clones the functionality of a legitimate application and uploads the clone to the Play Store. This clone application works the same as the original one and can request access. However, it will not perform any malicious operations the first time it runs. Google is unable to detect any malicious code in these applications, as their operations are often delayed for hours or days.

Once the user installs this application, it eventually downloads or drops other components or applications containing Joker malware or other malicious software. This puts the user’s personal information in danger.

Google has already stated that Joker is one of the most persistent malware families it has been dealing with for quite a while. It has also stated that its security team has removed more than 1,700 applications from the Play Store since 2017. Though this kind of malware is difficult to remove, users can avoid it by staying alert when installing applications that ask for broad permissions.

So, the next time a particular application asks for suspicious permissions like SMS messages, contacts, or call logs, make sure to check whether it is infected.
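The permission check described above can be applied to many apps at once. The following is an added example, not code from Google or Zscaler: it parses permission listings in the style of `aapt dump permissions` output and flags apps that request SMS, contact, or call-log permissions their stated purpose does not explain. The package names, the sample listing, and the `EXPECTED_USE` map are constructed for illustration.

```python
import re

P = "android.permission."
# Permission groups the article says to watch for: SMS, contacts, call logs.
SENSITIVE = {
    "sms": {P + n for n in ("READ_SMS", "RECEIVE_SMS", "SEND_SMS", "RECEIVE_WAP_PUSH")},
    "contacts": {P + n for n in ("READ_CONTACTS", "WRITE_CONTACTS")},
    "call_log": {P + n for n in ("READ_CALL_LOG", "WRITE_CALL_LOG")},
}
# Accept both "name='...'" and bare-name line styles.
PKG_RE = re.compile(r"package:\s*(?:name=)?'?([\w.]+)'?")
PERM_RE = re.compile(r"uses-permission(?:-sdk-23)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_listing(text):
    """Return {package: set of requested permissions} from concatenated listings."""
    apps, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := PKG_RE.match(line)):
            current = m.group(1)
            apps.setdefault(current, set())
        elif (m := PERM_RE.match(line)) and current is not None:
            apps[current].add(m.group(1))
    return apps

def audit(text, expected_use):
    """Flag sensitive permission groups not justified by the app's stated purpose."""
    findings = {}
    for pkg, perms in parse_listing(text).items():
        requested = {group for group, names in SENSITIVE.items() if perms & names}
        unexpected = requested - expected_use.get(pkg, set())
        if unexpected:
            findings[pkg] = sorted(unexpected)
    return findings

# Constructed sample input (hypothetical packages, not real apps).
SAMPLE = """\
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
package: com.example.messenger
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
package: com.example.wallpaper
uses-permission: android.permission.INTERNET
uses-permission: android.permission.READ_CALL_LOG
"""
# Groups each app plausibly needs for its advertised function (assumption).
EXPECTED_USE = {"com.example.messenger": {"sms", "contacts"}}

if __name__ == "__main__":
    for pkg, groups in audit(SAMPLE, EXPECTED_USE).items():
        print(f"{pkg}: unexplained access to {', '.join(groups)}")
```

A flagged app is a candidate for closer review rather than proof of infection, since the malicious behaviour described above may be delayed or delivered in a later stage.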

