Android app found to exfiltrate users’ contact list
To make it difficult to remove, the app has the option to hide its icon once installed.
According to cybersecurity firm Pradeo, an app on Google Play with more than 5 lakh installs sent users’ contacts to an attacker-controlled server that appears to be located in Russia.
(Sign up for our technology newsletter, Today’s Cache, for insights into emerging themes at the intersection of technology, business and politics. Click here to subscribe for free.)
“A mobile app called Color Message infected with Joker malware is currently available for download on Google Play and has been installed by over half a million users,” security firm Pradeo said in a blog post.
“Our analysis of the Color Message application through the Pradeo Security engine shows that it accesses the users’ contact list and exfiltrates it on the network.”
Read also | Think twice before giving apps access to information stored on the phone
Joker is classified as Polar. Its main activity is to simulate clicks and intercept SMS to subscribe users to unwanted and unknown paid premium services. To make it difficult to remove, the app has the option to hide its icon once installed. Over the past two years, the malware has been found hidden in hundreds of apps, Pradeo said.
The app’s terms and conditions are hosted on an unbranded one-page blog and do not disclose the scope of actions the app can perform on users’ devices.
Read also | Pegasus Number | What are zero-click attacks and how do they infect smartphones?
The security company advised users to remove the app from their devices immediately to avoid fraudulent activities.