Android User? Delete These Apps Now

John Lister's picture

Nearly half a million users have been infected with "The Joker" malware through the Google Play store. The malware is particularly nasty and works by signing users up to premium services without their knowledge.

The malware, spotted by researcher Aleksejs Kuprins, was found in 24 apps with a combined 472,000 downloads - though more apps may be found later. As of this writing, the 24 known apps have been removed from the Google Play store. (Source:

Infected Apps Need to be Removed

If you have any of the following apps installed on your phone, they should be removed immediately.

The infected apps list is as follows:

  • Advocate Wallpaper
  • Age Face
  • Altar Message
  • Antivirus Security - Security Scan
  • Beach Camera
  • Board picture editing
  • Certain Wallpaper
  • Climate SMS
  • Collate Face Scanner
  • Cute Camera
  • Dazzle Wallpaper
  • Declare Message
  • Display Camera
  • Great VPN
  • Humour Camera
  • Ignite Clean
  • Leaf Face Scanner
  • Mini Camera
  • Print Plant scan
  • Rapid Face Scanner
  • Reward Clean
  • Ruddy SMS
  • Soby Camera
  • Spark Wallpaper

Scam Happens Out Of Sight

As is a familiar story with Android malware, most of the apps claimed to perform a simple task, and it appears the to be delivered as promised. The problem was what happened behind the scenes.

The Joker malware is specially crafted to only work if the user's SIM card is registered in one of 37 countries, including the US, Brazil, Australia and most of Europe and Asia. All of these countries have mobile networks that allow users to subscribe to digital services, with the charges applied to their monthly phone service fee or taken out of a pay-as-you-go credit balance.

The compromised apps are set up to receive encrypted instructions from a remote server, making it less likely they'll be spotted by security scans. The app will then usually display a screen with the app logo while "loading." In fact, this was when the nefarious activity was happening behind the scenes.

Malware Scans Incoming SMS

Once activated, the malware secretly loads a subscription page (which the user can't see) and signs up to a service. It then continues working in the background, looking for a confirmation code sent via SMS text message - something that's designed to be a security measure.

The malware intercepts the message, copies the code and provides it to the subscription service as if the user had typed it in. The user is then hit with a monthly charge, which is usually quite small - around $7.40 USD in one case. (Source:

The scheme appears to be to go for a large number of victims while keeping the individual amounts small enough that there's less chance of people spotting the scam, unless they check their bills carefully.

What's Your Opinion?

Could and should Google do more to stop malware getting into Play Store apps? Should Google send a direct warning to users it knows have downloaded these apps? Should users be allowed to opt out of all digital subscriptions through their phone to remove this risk?

Rate this article: 
Average: 5 (14 votes)


ronangel1's picture

As soon as I signed up to my mobile service provider I told them to turn off premium services and texts to prevent this sort of thing happening if I lost phone,someone used it or accidently subscribed to premium text service. I never use these services or play games on the phone.