Skip to main content

'Joker' malware snuck into 50 Android apps — delete them before hackers cackle away with your data

Joker malware
Joker malware (Image credit: Getty Images/Snappa)

Why so serious? Is it because you've had it up to here with the sudden onslaught of malware-infected apps pervading the Google Play Store? As if last week's report about money-stealing Android apps wasn't enough to scare us, now we have to worry about a malware family called "Joker" running amok inside the Google Play Store.

According to Zscaler Threatlabz, investigators discovered that Joker infiltrated 50 apps on the Google Play Store. Fortunately, Google promptly kicked them out of its app store, but if you happen to have any of them installed in your device, you must delete them immediately and check out one of our best mobile antivirus apps to rid your phone of any malware residue.

What is Joker malware?

Joker malware, according to Zscaler, is a malicious threat designed to steal your text messages, contact lists and device information. With this data, cybercriminals can sign you up for premium wireless application protocol (WAP) services. Joker sounds similar to toll fraud malware, a threat the Microsoft 365 Defender Research Team warned us about weeks ago.

Over the past two months, Zscaler Threatlabz investigators discovered 50 Joker malware-infested Android apps that attracted over 300,000 downloads in total. The blacklisted apps include Simple Note Scanner, Universal PDF Scanner, Private Messenger, Premium SMS and Text Emoji SMS. Want a full list of the 50 apps?  Click here.

The researchers noted that most of the apps fall under the "communication" category, which makes sense because cybercriminals are seeking access to users' SMS messages.

Joker isn't the only malicious malware family Zscaler researchers spotted. Facestealer malware, which tricks users into entering their credentials by procuring fake Facebook login screens, was also found on the Google Play Store. Finally, Zscaler investigators discovered Coper malware in the Google Play Store, an information-stealing threat that can send malicious SMS texts on their victims' behalf.

How to dodge Joker malware and other cybersecurity threats

Zscaler researchers strongly advise Android users to stop giving permissions to untrustworthy apps; you may be unwittingly giving hackers access to sensitive information.

"Stick to the sources and providers you know and trust. Look for apps with very high install numbers and positive reviews. Seek out apps that are recommended by sources you trust and also feature lots of installs and positive reviews," Zscaler said in its report.

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!