Android users are warned about four dangerous apps that were available on the official Google Play Store marketplace. Downloaded over 100,000 times on Android devices, these apps secretly hid dangerous Joker malware. This notorious malware is capable of enrolling Android users in expensive subscription services without their knowledge, which can cost them hundreds of pounds.
The four dangerous Android apps that Google has now finally banned were spotted by security firm Pradeo, who published their latest findings in a post online.
The apps that Android users must avoid are Smart SMS Messages, Blood Pressure Monitor, Voice Languages Translator and Quick Text SMS.
Pradeo urged Android users to immediately delete these apps from their phones or tablets if they have already downloaded them.
The mobile security company said: “Pradeo has just identified four new malicious applications that embed the Joker malware and act as droppers that are available for download on Google Play. Together they have been installed by over 100,000 users.
“Users are advised to delete these applications from their smartphones and tablets immediately to avoid fraudulent activity.”
Pradeo said that both smart text messages and the blood pressure app have a very dangerous feature, which is the ability to read one-time passwords.
These time-limited codes are used when two-factor authentication (2FA) is enabled, which aims to provide an extra layer of security.
According to Pradeo, Smart SMS Messages steals these codes by taking screenshots while Blood Pressure is accessing notification content.
This all happens without the victim’s knowledge, with users not realizing the scam until they receive their bills, which can be weeks later.
Besides this dangerous functionality, all apps highlighted by Pradeo are capable of downloading other malicious programs onto a device.
Advising Android users on how to stay safe, Pradeo mentioned a commonality between these apps that should ring alarm bells in Android users’ minds.
They said: “We noticed several elements that form a pattern when it comes to malicious applications on Google Play that could help users to anticipate their malicious nature. First, their developers’ account only includes one app at a time. Usually, once they get banned from creating the store, they just create another one. Second, their privacy policies are short, use a template, never disclose the full scope of activities the apps can perform, and are hosted on a Google Doc or Google Site page. After all, these applications are never associated with any company name or website.”
If you have downloaded any of the above apps, here’s how to delete them from your device…
Open the Google Play Store app
Tap the profile icon in the top right
Tap Manage apps and devices > Manage
Tap the name of the app you want to delete