‘Joker’ left cackling after Android malware is downloaded half a million times

A trojan known as ‘the Joker’ has been spotted swiping data and automating ad clicks from more than 20 apps in the Google Play Store. 

The virus was discovered and named after the iconic Batman villain by CSIS Security Group security researcher Aleksejs Kuprins. Kuprins discovered that the malware had been planted in a total of 24 apps on the Google Play Store, including photography apps, messaging services and security apps − even an antivirus app and a VPN app.

Related: Best free antivirus

The trojan is designed to steal money from under victims’ noses by secretly clicking on background ads within the apps. The malware then accesses the user’s texts to sign them up to paid services and confirm monthly transactions.

“This strategy works by automating the necessary interaction with the premium offer’s webpage, entering the operator’s offer code, then waiting for a SMS message with a confirmation code and extracting it using regular expressions,” explained Kuprins.

“Finally, the Joker submits the extracted code to the offer’s webpage, in order to authorize the premium subscription.”

The 24 apps were downloaded over 472,000 times collectively and targeted 37 countries, including the UK and the US.

The number of devices that continue to be affected is currently unknown but if you have any of the following apps on your Android, you should uninstall them immediately:

  • Advocate Wallpaper
  • Age Face
  • Altar Message
  • Antivirus Security – Security Scan
  • Beach Camera
  • Board picture editing
  • Certain Wallpaper
  • Climate SMS
  • Collate Face Scanner
  • Cute Camera
  • Dazzle Wallpaper
  • Declare Message
  • Display Camera
  • Great VPN
  • Humour Camera
  • Ignite Clean
  • Leaf Face Scanner
  • Mini Camera
  • Print Plant scan
  • Rapid Face Scanner
  • Reward Clean
  • Ruddy SMS
  • Soby Camera
  • Spark Wallpaper

Related: Best VPN

Google has been struggling to ban malicious apps from its Play Store for a while now. The company has renewed efforts to up user safety with its Application Security Improvement Program in recent years but it hasn’t been perfect.

Six dodgy apps were caught harvesting data and generating ad clicks in April, and the discovery of the Joker suggests that other infected apps could still be flying under the radar.

Unlike other sites, we thoroughly review everything we recommend, using industry standard tests to evaluate products. We’ll always tell you what we find. We may get a commission if you buy via our price links. Tell us what you think – email the Editor