Google Play Removes App With 500,000 Downloads After Catching It Harvest User Data

A popular Android app with over 500,000 downloads was removed from Google Play earlier today after security researchers detected that it was hosting a dangerous strain of malware.

The malicious component stealthily used the app to collect personal data from unsuspecting users and send it to a remote server that appears to be in Russia.

To be more specific, the malware was noticed harvesting users’ contacts before dispatching them to the perpetrator’s server. Subsequently, users would be signed-up for expensive subscriptions and services, potentially through the contact info they unwittingly provided to the app-malware symbiote.

The app, called Color Message, was used to personalize text messaging in various ways, such as sending emojis through SMS/MMS, blocking spam, customizing app themes and encrypting messages.

Reportedly, the app hosted a malware strain known as Joker, which is notorious for frequently surfacing in various apps and infecting millions of Android devices. To complicate things even more, presumably, Color Message could hide its icon after it was deployed on the target device, which is uncommon without root access or third-party apps or libraries.

Joker is currently one of the most prolific strains of malware, having infected millions of users by infiltrating hundreds of Android apps. What makes this malicious component so dangerous is that its small code footprint helps it go unnoticed most of the time, combined with the cunning methods its developers use to hide it.

Joker belongs to the Fleeceware family, which describes malware mobile apps that comprise hidden and often expensive subscription fees.

Aside from targeting users with hidden fees, this malware can intercept text messages and simulate clicks to covertly sign up unsuspecting users to expensive subscription plans. Google Play has a built-in malware and app scanner, but unfortunately, some malicious components still manage to slip through the defenses.

To avoid being exposed to dangerous situations, users are advised to download apps from tested and proven developers.

Furthermore, users should avoid granting too many permissions to installed apps, especially when they have little or nothing to do with the apps’ functionality.