Google Play app with 500,000 downloads sent user contacts to Russian server

Google Play app with 500,000 downloads sent user contacts to Russian server


A robotic hand tries to activate a smartphone.

An Android app with greater than 500,000 downloads from Google Play has been caught internet hosting malware that surreptitiously sends customers’ contacts to an attacker-controlled server and indicators up customers to expensive subscriptions, a safety agency reported.

The app, named Color Message, was nonetheless out there on Google servers on the time this submit was being ready. Google eliminated it greater than three hours after I requested the corporate for remark.

Ostensibly, Color Message enhances textual content messaging by doing issues resembling including emojis and blocking junk texts. But in accordance to researchers at Pradeo Security stated on Thursday, Color Message comprises a household of malware often known as Joker, which has contaminated hundreds of thousands of Android units prior to now.

“Our analysis of the Color Message application through the Pradeo Security engine shows that it accesses users’ contact list and exfiltrates it over the network,” the corporate’s weblog submit said. “Simultaneously, the application automatically subscribes to unwanted paid services unbeknownst to users. To make it difficult to be removed, the application has the capability to hide its icon once installed.”

Pradeo’s discovery marks solely the newest occasion of Google internet hosting malicious wares that hurt customers of its Android cell working system. While the corporate scans apps for malware and often removes enormous numbers of submissions proactively, there’s no scarcity of apps Google misses. The frequent experiences of rogue apps out there via Play tarnishes an in any other case clear safety scorecard for the cell OS, no less than because it’s out there on Google-developed Pixel units.

Joker falls right into a class of malware often known as Fleeceware. It simulates clicks and intercepts textual content messages in an try to surreptitiously subscribe customers to paid premium providers they by no means meant to purchase. Joker is tough to detect due to the tiny footprint of its code and the strategies its builders use to stash it. Over the previous few years, the malware has been discovered lurking in a whole lot of apps downloaded by hundreds of thousands of individuals.

Besides sending customers’ contacts to a server that seems to be situated in Russia and subscribing to undesirable providers, Color Message additionally fails to disclose the extent of the actions the app can carry out on customers’ units.

As regular, Android customers needs to be circumspect earlier than downloading apps. An excellent rule of thumb is to obtain apps solely after they present a real profit after which to select ones made by recognized firms, when attainable. People also needs to learn the user evaluations to see if there are experiences of malice.

Leave a Reply

Your email address will not be published. Required fields are marked *