Joker fleeceware continues to ravage the Google Play Store

4th September 2020

Were you aware that doing something as simple as downloading an application (app) on your mobile or tablet could cause you serious problems? You may be wondering how. Well some of these applications could be infected with malware that can be used to damage or gain unauthorised access to your mobile device or tablet. One type of particularly nasty piece of malware is fleeceware or billing-fraud malware.

Billing-fraud malware (fleeceware) is where the malware simulates clicks, acting as a device user and often tricking you into subscribing to premium services that you may not want. It also overcharges you for basic app functions such as simply having the app installed on your device. If you are using a free trial on an app with this kind of malware installed, you could be seriously stung if the app is not removed immediately after the trial expires. The app does this by overcharging for any premium functionality or content. A new strain of this particular type of malware that is advertising itself as a legitimate app is hiding on the Google Play Store, ready to attack unsuspecting users. It is known as “Joker”.

Google have had to remove six more apps last week from the Play Store after it was discovered that they were infected by this malware. This is measly however, in comparison to the 17,000 that they already removed in January. Google keep finding more and more apps that are being used to spread the malware.

Worryingly, over 200,000 installs were performed just from the 6 recently removed apps alone. It is predicted that a large proportion of the people who downloaded these apps still have them installed on their devices. Users have been urged to immediately delete the apps.

The apps that are being used to spread this malware have been evading Google’s security since 2019. The hackers behind the malware are doing this by constantly updating the source code. Once these apps are on a user's device, they then continue to download more malicious code. Due to the code constantly changing, Google have been having an extremely hard time tracking and removing the apps. But they are working on steps to try and remove this malware from the Play Store for good.

Concerned about smartphone, tablet, computer or other cybersecurity matters? Call us for advice.

Photo by Indrajeet Choudhary on Unsplash