An app carrying malware was finally removed from the Google Play Store, but not before it was installed more than 500,000 times. The app, called Color Messages, enhances text messaging by adding emoji to it. Pradeo Security (via Ars Technica) wrote on Thursday that the app is infected with the Joker malware and appears to be connecting to Russian servers.
The Joker malware is ready to separate you from your hard-earned money
Based on Pradeo’s analysis, the Color Messages app accesses users’ contact lists and also enrolls victims in unwanted premium paid services without their knowledge. That’s characteristic of Joker, which is classed as Fleeceware because it simulates clicks and intercepts text messages to sign users up for the aforementioned premium services. It also uses as little code as possible, making Joker difficult to detect.
The report notes that Joker was discovered in hundreds of apps in the past two years. As for Color Messages, although it has been removed and is no longer available on the Google Play Store, if you have the app installed on your Android phone, it can still sign you up for expensive services that you don’t need or want. So it’s best to uninstall the app from your handset as soon as possible.
We hate to sound like a broken record, but we’ve often advised you to look at the comments section of an app’s listing in the App Store (for iOS apps) or the Google Play Store (for Android apps). You will find red flags in the comments section and this was again the case with this app. One comment said: “They took money from my phone. I just installed this app on my phone and got a text that I was 1 EUR over my phone limit because I only downloaded this stupid app. Very disappointed.”
Another post in the comment section just said “This is a scam app. Don’t install it.” One comment said, “Deceptive ad and worst app ever.” And another comment stated, “Sim balance deduction without any authorization and illegal.” Anyone who took even a cursory glance at the comment section would have seen enough to figure out that this app should have been given a wide berth.
And since the icon disappears and hides after the app is installed, removing it from your phone is easier said than done. Because victims don’t initially realize they’ve signed up for a premium service that they don’t need or want, they often have to take a financial hit with no real chance of getting their money back.
How do these apps get past Google Play Protect?
You may be wondering how these apps get past Google Play Protect, which is supposed to perform a security check on apps from the Google Play Store before they are installed on users’ phones. These malicious apps can fool Google by holding back their true intentions at first. Once installed on an Android phone via an infected app, Joker enrolls you in premium WAP (Wireless Application Protocol) services without your knowledge or permission, and steals your text messages, contact lists and information about your device.
But at first, everything about the app seems copacetic, allowing it to sneak past the bouncer like a, well, like the Trojan horse from Greek mythology.
We cannot emphasize enough that the comment section is key to avoiding the headaches that often follow installing a Joker-laden app. The companies offering the premium services are not the most ethical and if you do have to deal with them, they will remind you of used car salesmen or interstate moving companies. Of course, this only applies to apps from developers you’ve never heard of. If you see an app developed by one of the best mobile developers, you probably don’t have to worry about getting scammed.