Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

‘Joker’ left cackling after Android malware is downloaded half a million times

A trojan known as ‘the Joker’ has been spotted swiping data and automating ad clicks from more than 20 apps in the Google Play Store. 

The virus was discovered and named after the iconic Batman villain by CSIS Security Group security researcher Aleksejs Kuprins. Kuprins discovered that the malware had been planted in a total of 24 apps on the Google Play Store, including photography apps, messaging services and security apps − even an antivirus app and a VPN app.

Related: Best free antivirus

The trojan is designed to steal money from under victims’ noses by secretly clicking on background ads within the apps. The malware then accesses the user’s texts to sign them up to paid services and confirm monthly transactions.

“This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code and extracting it using regular expressions,” explained Kuprins.

“Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription.”

The 24 apps were downloaded over 472,000 times collectively and targeted 37 countries, including the UK and the US.

The number of devices that continue to be affected is currently unknown but if you have any of the following apps on your Android, you should uninstall them immediately:

  • Advocate Wallpaper
  • Age Face
  • Altar Message
  • Antivirus Security – Security Scan
  • Beach Camera
  • Board picture editing
  • Certain Wallpaper
  • Climate SMS
  • Collate Face Scanner
  • Cute Camera
  • Dazzle Wallpaper
  • Declare Message
  • Display Camera
  • Great VPN
  • Humour Camera
  • Ignite Clean
  • Leaf Face Scanner
  • Mini Camera
  • Print Plant scan
  • Rapid Face Scanner
  • Reward Clean
  • Ruddy SMS
  • Soby Camera
  • Spark Wallpaper

Related: Best VPN

Google has been struggling to ban malicious apps from its Play Store for a while now. The company has renewed efforts to up user safety with its Application Security Improvement Program in recent years but it hasn’t been perfect.

Six dodgy apps were caught harvesting data and generating ad clicks in April, and the discovery of the Joker suggests that other infected apps could still be flying under the radar.

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.