NewsOnline Security

The Joker Malware Hits Again – Over 500,000 Android Users Affected

Recently, the Log4Shell vulnerability has been the threat that every cybersecurity firm is talking about. However, regardless of how dangerous this bug is, hackers are not limiting themselves to it when it comes to committing their malicious practices.

While the world’s leading companies are trying to protect themselves from any possible Log4Shell exploitation, hackers are spreading the Joker malware within an Android app that exists (existed) on Google Play Store.

The messaging-focused app named Color Message looks fun, but in the background, it does all kinds of malicious practices that cost users a lot. What is this all about? What does the app do exactly? Find out in the following article.

Color Message – Code RED for Malware

Having an Android device means that you can tinker with its operating systems at will. After all, it does rely on open-source code.

While this may sound like a fun thing to do, this particular feature makes Android devices more susceptible to cyberattacks.

Lately, a new malware campaign emerged through an application that’s been downloaded more than 500,000 times on Google Play Store.

The app goes by the name of Color Message, a fun tool that helps generate designs cool messages with fabulous effects, colored texts, cursive fonts, and colorful bubbles.

Such an app can be very appealing to many users, which might be the main reason why hackers decided to target them through it.

Color message hosts the joker malware, which can easily harvest the victims’ contact list and send it to the threat actor’s server.

Aside from that, in the background, the app signs up the users to unwanted paid premium subscriptions without their consent or even their knowledge.

On the other hand, the app simulates clicks in order to generate revenue from malicious ads and connects to servers located in Russia.

According to Pradeo:

“Our analysis of the Color Message application through the Pradeo Security engine shows that it accesses users’ contact list and exfiltrates it over the network. Simultaneously, the application automatically subscribes to unwanted paid services unbeknownst to users. To make it difficult to be removed, the application has the capability to hides it icon once installed.”

Joker Android Malware

The joker malware is famous for carrying out all sorts of malicious acts. That includes billing fraud, intercepting SMS messages, contact details, and device information. All that and still while unbeknownst to users.

Fortunately for future users, the official app marketplace has since removed the app from within its library.

The Joker Marware – Fleeceware You don’t Want Around

The Joker malware has hit multiple devices in the past, and apparently, has a lot more to target. The problem lies in the fact that the infected apps exist on the official Google Play Store.

That’s more than enough to trick any user due to the store’s so-called legitimacy. This is completely true, but still – you have to be careful.

Threat actors are always coming up with new tactics to target new victims. With the proper knowledge, you can avoid such predicaments. Stay safe.

Jonathan Beesly

Jonathan is the main author at He regularly publishes posts that aim to introduce better cyber-security practices to the masses.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Back to top button