Recently, the Log4Shell vulnerability has been the threat that every cybersecurity firm is talking about. However, regardless of how dangerous this bug is, hackers are not limiting themselves to it when it comes to carrying out their malicious activities.
While the world’s leading companies are trying to protect themselves from any possible Log4Shell exploitation, hackers are spreading the Joker malware within an Android app that was available on the Google Play Store.
The messaging-focused app named Color Message looks fun, but in the background, it carries out all kinds of malicious practices that cost users a lot. What is this all about? What does the app do exactly? Find out in the following article.
Color Message – Code RED for Malware
Having an Android device means that you can tinker with its operating system at will. After all, it does rely on open-source code.
While this may sound like a fun thing to do, this particular feature makes Android devices more susceptible to cyberattacks.
Lately, a new malware campaign emerged through an application that has been downloaded more than 500,000 times on the Google Play Store.
The app goes by the name of Color Message, a fun tool that helps design cool messages with fabulous effects, colored texts, cursive fonts, and colorful bubbles.
Such an app can be very appealing to many users, which might be the main reason why hackers decided to target them through it.
Color Message hosts the Joker malware, which can easily harvest the victims’ contact list and send it to the threat actor’s server.
Aside from that, in the background, the app signs users up for unwanted paid premium subscriptions without their consent or even their knowledge.
In addition, the app simulates clicks in order to generate revenue from malicious ads and connects to servers located in Russia.
According to Pradeo:
“Our analysis of the Color Message application through the Pradeo Security engine shows that it accesses users’ contact list and exfiltrates it over the network. Simultaneously, the application automatically subscribes to unwanted paid services unbeknownst to users. To make it difficult to be removed, the application has the capability to hide its icon once installed.”
The Joker malware is famous for carrying out all sorts of malicious acts. That includes billing fraud and intercepting SMS messages, contact details, and device information, all while unbeknownst to users.
Fortunately for future users, the official app marketplace has since removed the app from its library.
The Joker Malware – Fleeceware You Don’t Want Around
The Joker malware has hit multiple devices in the past and, apparently, has a lot more to target. The problem lies in the fact that the infected apps exist on the official Google Play Store.
The store’s reputation for legitimacy is more than enough to trick any user. That reputation holds true, but you still have to be careful.
Threat actors are always coming up with new tactics to target new victims. With the proper knowledge, you can avoid such predicaments. Stay safe.