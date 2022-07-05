Four malicious apps on Google Play were discovered by Pradeo, a leading French mobile security company. The apps, according to the team that identified them, are a mix of Joker and Dropper malware and have affected more than 100,000 users.

They are: Smart SMS Messages, Blood Pressure Monitor, Voice Languages ​​Translator and Quick Text SMS. Also according to Pradeo, the apps commit financial fraud and install third-party apps on victims’ smartphones. If you have installed any of them, the orientation is to delete them from the device.

Joker’s main activity is subscribing to unwanted paid services, or texting and calling premium numbers, without users’ knowledge. It is categorized as Fleeceware. Malware has a very discreet footprint that is difficult to detect because it uses as little code as possible.

The four apps detected by Pradeo on Google Play use a series of mechanisms to commit fraud. Blood Pressure Monitor and Smart SMS Messages, for example, intercept one-time passwords to bypass two-factor authentication protocols during in-app purchases.

The messaging program reads the SMS and takes silent screenshots. The pressure monitor intercepts the content of notifications. It is only weeks after use that victims realize the fraud, by looking at the invoice. They are even programmed to install other apps on the devices, acting as a dropper.

Smart SMS MEssages, Blood PRessure Monitor, Voice Languages ​​Translator and Quick Text SMS are the malware applications. Image: Reproduction

To make users of smartphones with the Android operating system attentive, Pradeo explained some precautions that must be taken. According to the security team, several elements make up the pattern of malicious applications.

The first is to note that the developers account only have one app each. When they are banned from the store, they simply create another one.

“Secondly, their privacy policies are short, use a template, never disclose the full extent of activities apps can perform, and are hosted on a Google Doc or Google Site page. Finally, these apps are never related to the name of a company or website.”

