A malware-infected Android app on Google Play has been downloaded more than 500,000 times. It sends users' contact information to an attacker-controlled server and signs those users up for paid premium subscriptions they did not intend to buy.
Color Message (“com.guo.smscolor.amessage”), a messaging app, was found to contain the newest Joker malware. It can also connect to Russian servers and generate fake clicks to earn money from fraudulent ads. Color Message “accesses users’ contact information and exfiltrates data across the network,” according to Pradeo. “The application can hide its icon once installed, making removal difficult.”
Joker, found at the end of 2017, is notable malware known for stealing contacts, SMS messages, and device information without users’ knowledge. Android’s Security and Privacy Team stated that malware developers “have at some point used just about every cloaking and obfuscation technique under the sun in an attempt to go undetected.”