The Joker malware is back again on Google Play, this time spotted in a mobile application called Color Message. The app was downloaded more than 500,000 times before its removal from the store.
Users should immediately delete Color Message from their devices to avoid being defrauded, researchers at Pradeo Security warned.
Joker is a persistent threat that’s been kicking around since 2017, hiding itself within legitimate-seeming, common application types like games, messengers, photo editors, translators and wallpapers, many of them aimed at children. But once installed, Joker apps subscribe victims to unwanted, paid premium services controlled by the attackers – a type of billing fraud that researchers categorize as “fleeceware.” Often, the victim is none the wiser until the mobile bill arrives.
