Joker Malware targets Google Play

One of the most prominent malware families targeting Android devices is the Joker malware.  Designed to steal SMS messages, contact lists, and device information, and to sign the victim up for premium wireless application protocol (WAP) services, this malware keeps finding its way into Google’s official application market.

Zscaler’s ThreatLabz research team (www.zscaler.com) has been constantly monitoring the Joker malware and have seen uploads of it onto the Google Play store, according to its latest blog (www.zscaler.com/blogs?).  ThreatLabz notified the Google Android Security team, who have taken prompt action to remove the suspicious apps from the Google Play store.

This has prompted ThreatLabz to evaluate how Joker is so successful at getting around the Google Play vetting process.  It saw 11 different samples regularly uploaded to Google Play resulting in over 30,000 installs.

Zscaler says “the Joker malware authors have targeted some categories of apps more than others.  For instance, the “Tools” category has been the favourite target of the Joker malware author accounting for 41% of the total payloads we have seen.  ‘Communication’ and ‘Personalization’ are the next most affected categories with 28% and 22% of payload uploads respectively.  The ‘Photography’ category saw 7% payloads.  ‘Health & Fitness’ made up the final 2% of payloads; we believe this category is a new addition as we have not seen this category targeted previously.”

The full blog can be found at www.zscaler.com/blogs/security-research/joker-joking-google-play?