"Google Boots Multiple Malware-laced Android Apps from Marketplace"

Google has removed eight apps from its Google Play store that were spreading a new variant of the Joker spyware. However, the malicious apps had already been downloaded over 3 million downloads. Maxime Ingrao of the cybersecurity firm Evina discovered Autolycos malware, which can subscribe users to a premium service as well as access users' SMS messages. Toll fraud malware, also known as fleeceware, is a type of malware in which malicious applications subscribe users to premium services without their knowledge or consent in order to rack up payment charges. The eight applications were discovered spreading Autolycos since June 2021. The cybercriminals behind Autolycos are using Facebook pages and running ads on Facebook and Instagram to promote the malware. The cybercriminals behind Autolycos are promoting the malware through Facebook pages and ads on Facebook and Instagram. Ingrao compared the malware to Joker, a spyware discovered in 2019 that, among other things, secretly subscribed people to premium services and stole SMS messages. Following further investigation, Malwarebytes researchers believe the malware is a new variant of Joker, also referred to as Android/Trojan.Spy.Joker. Joker was the first major malware family that specialized in fleeceware, according to Malwarebytes. The Trojan would hide in the advertisement frameworks utilized by the malicious apps propagating it. These frameworks aggregate and serve in-app ads. After the apps with Joker were installed, they would display a splash screen, which would include the app logo, to evade victims' suspicion while performing various malicious processes in the background, such as stealing SMSes and contact lists as well as performing ad fraud and signing people up for subscriptions without them knowing. This article continues to discuss Google's removal of eight Android apps infected with a Joker spyware variant. 

Threatpost reports "Google Boots Multiple Malware-laced Android Apps from Marketplace"

Submitted by Anonymous on