Joker malware identified in four new Google Play apps with more than 100,000 downloads

Cybersecurity company Pradeo has found the Joker malware (also known as Bread) in four new applications on the Google Play Store that have collectively been installed by more than 100,000 users.

Joker, malware that targets paid SMS, in-app purchases, and subscriptions to premium services, was first identified by Google in early 2017 and has since been found in thousands of Play Store apps. The user learns about the scam only after receiving their mobile usage bill.

According to a Pradeo blog post, Joker’s footprint is “extremely discreet” and difficult to detect because it uses as little code as possible in the malicious apps and keeps that code hidden.

The cybersecurity company has now discovered four additional applications on the Google Play Store that contain the malware: Quick Text SMS, Voice Language Translator, Smart SMS Messages, and Blood Pressure Monitor.

Two of them, Blood Pressure Monitor and Smart SMS Messages, can bypass the two-factor authentication that typically protects in-app purchases.

They achieve this by intercepting the infected user’s one-time passwords. Blood Pressure Monitor immediately intercepts the content of the notifications that the user receives on the smartphone, whereas Smart SMS Messages accesses these messages and “quietly” takes screenshots of them.

According to the company’s investigation, these four apps are designed to install other apps on users’ devices, opening the door to threats even more harmful than Joker.

The four apps may still be present on devices where they were previously installed, even though they are no longer listed in the Google Play Store. Pradeo’s statistics show how many downloads they had before being removed.

The most downloaded app was Smart SMS Messages, which had more than 50,000 downloads. The next three apps each had more than 10,000 installations. In total, Pradeo puts the number of affected users at more than 100,000.

HOW TO DETECT THESE FRAUDULENT APPS

Pradeo says it has found several common traits in the malicious apps available on Google Play, forming “a pattern” that can help users anticipate this type of threat.

The developer account typically contains only one application, which can raise user suspicions. In addition, if the developer is banned from the store, they simply create a new account to replace the old one.

Privacy policies are another thing for users to check. According to Pradeo, the policies of these harmful apps are often brief, pre-made, and never explicitly explain what the apps do. They are also frequently hosted on a Google Doc or Google Sites page.

Pradeo concludes by noting that this kind of application is typically never linked to a website or to the name of a company that would back its activity and inspire user confidence.

By Editor
