Android users are warned about four dangerous apps which were available on the official Google Play Store. These apps, which have been downloaded more than 100,000 times on Android devices, secretly hid the dangerous Joker malware. This infamous malware is capable of subscribing Android users to expensive subscription services without their knowledge, which can cost them hundreds of dollars.
The four dangerous Android apps, which Google has now permanently banned, were discovered by security firm Pradeo, which revealed its latest findings in an online article.
The apps that Android users should avoid are Smart SMS Messages, Blood Pressure Monitor, Voice Languages Translator, and Quick SMS.
Pradeo has asked Android users to immediately remove these apps from their phones or tablets, if they have already downloaded them.
The mobile security company said: “Pradeo has just identified four new malicious apps that embed the Joker malware and act as droppers, available for download from Google Play. Together they have been installed by more than 100,000 users.
“Users are advised to immediately remove such apps from their smartphones and tablets to prevent fraudulent activity.”
Pradeo said Smart SMS Messages and the Blood Pressure app have a very dangerous feature, which is the ability to read one-time passwords.
These time-limited codes are used when two-factor authentication (2FA) is enabled, which aims to provide an additional layer of security.
Pradeo said Smart SMS Messages steals these codes by taking screenshots, while Blood Pressure accesses the content of notifications.
All of this happens without the knowledge of the victim, with users only noticing the fraud when they receive their bills, which can take weeks later.
Apart from this dangerous feature, all applications highlighted by Pradeo are capable of downloading other malicious programs to a device.
Advising Android users on how to stay safe, Pradeo mentioned one thing these apps had in common that should set alarm bells ringing in Android users’ heads.
They said, “We noticed several elements that make up a pattern when it comes to malicious apps on Google Play, which could help users anticipate their malicious nature. First, their developers’ account has only one app each. Usually once they get banned from the store, they just create another one. Second, their privacy policies are short, use a template, never disclose the full scope of activities the apps can perform and are hosted on a Google Doc or Google Site page. Finally, these apps are never linked to a company name or website.”
If you downloaded any of the apps mentioned above, here’s how to remove them from your device…
Open the Google Play Store app
At the top right, tap the profile icon
Tap Manage apps & devices > Manage
Tap the name of the app you want to remove