An app in Google Play with more than 5 lakh installs was found to send users’ contacts to an attacker-controlled server that appears to be located in Russia, according to cybersecurity firm Pradeo.
(Sign up to our Technology newsletter, Today's Cache, for insights on emerging themes at the intersection of technology, business and policy. Click here to subscribe for free.)
"A mobile application called Color Message infected with Joker malware is currently available for download on Google Play and was installed by more than half a million users," security firm Pradeo said in a blog post.
"Our analysis of the Color Message application through the Pradeo Security engine shows that it accesses users’ contact list and exfiltrates it over the network."
Also Read | Think twice before giving apps access to info stored on phone
Joker is categorised as fleeceware. Its main activity is to simulate clicks and intercept SMS to subscribe users to unwanted and unknown paid premium services. To make it difficult to be removed, the application has the capability to hide its icon once installed. In the last two years, the malware was found hiding in hundreds of apps, Pradeo said.
The app's terms and conditions are hosted on an unbranded one page blog and do not disclose the extent of the actions the app can perform on users’ devices.
Also Read | Pegasus Issue | What are zero-click attacks and how do they infect smartphones?
The security firm has advised users to immediately delete the app from their devices to avoid fraudulent activities.
