Google removed 17 apps from the Play Store after complaint
Posted: Wed Apr 23, 2025 5:10 am
“Programs have accumulated 120,000 downloads, according to store data. Applications should be automatically removed from devices.”
App icons removed from the Play Store after analysis by Zscaler — Photo: Zscaler/Reproduction
App icons removed from the Play Store after analysis by Zscaler — Photo: Zscaler/Reproduction
Google has removed 17 apps from its Play Store that were infected with an Android virus known as “Joker.” According to security firm Zscaler, which said it reported the malware to Google and published an analysis of the apps, the programs managed to garner 120,000 downloads.
The Joker virus, which was being poland mobile database on the apps, has been known since 2017. It carries out payment fraud, either in the apps themselves with unauthorized subscriptions or through purchases made via SMS . The virus also captures SMS messages and the victim's contact list.
The malicious programs were registered in the official Android store with the promise of performing functions such as scanning and converting documents to PDF, translating text, sending secure messages and editing photographs.
If any of the 17 malicious apps have been installed, they should be automatically removed from the device by Google Play Protect . This security system is part of the Play Store and analyzes all programs installed and downloaded on the device.
Play Protect performs periodic scans on your device. To start a manual scan, open the Play Store app and look for the “Play Protect” option in the menu.
How the Joker 'hides'
In January, Google revealed that it had removed more than 1,700 apps containing Joker (which the company calls “Bread”) since its discovery in 2017. In July and August, another 17 apps containing Joker were identified by security firms Check Point and Pradeo.
Experts point out that Joker adopts several techniques to circumvent security mechanisms and not be detected by Google store filters.
The virus code is always downloaded after the initial installation of the app, which means that the version registered in the Play Store does not contain the digital plague.
Although the virus itself almost always acts in the same way, the method used to download it varies from one app to another.
Zscaler reported, for example, that some use a two-stage installation – that is, the seemingly harmless malicious app registered on the Play Store downloads another malicious app (first stage) which then downloads the virus (second stage).
In other versions, the download occurs in a single step, but the mechanism for hiding the address varies – from encryption to “useless” words in the middle of the address, which are ignored by the code.
With these small differences, it is not easy to detect all malicious apps registered in the Play Store after a single version of the virus is identified, nor to adopt filters capable of identifying future versions of the program.
Users, however, can take precautions by avoiding installing applications with very low ratings , recently registered applications or with other suspicious signs.
Source:
App icons removed from the Play Store after analysis by Zscaler — Photo: Zscaler/Reproduction
App icons removed from the Play Store after analysis by Zscaler — Photo: Zscaler/Reproduction
Google has removed 17 apps from its Play Store that were infected with an Android virus known as “Joker.” According to security firm Zscaler, which said it reported the malware to Google and published an analysis of the apps, the programs managed to garner 120,000 downloads.
The Joker virus, which was being poland mobile database on the apps, has been known since 2017. It carries out payment fraud, either in the apps themselves with unauthorized subscriptions or through purchases made via SMS . The virus also captures SMS messages and the victim's contact list.
The malicious programs were registered in the official Android store with the promise of performing functions such as scanning and converting documents to PDF, translating text, sending secure messages and editing photographs.
If any of the 17 malicious apps have been installed, they should be automatically removed from the device by Google Play Protect . This security system is part of the Play Store and analyzes all programs installed and downloaded on the device.
Play Protect performs periodic scans on your device. To start a manual scan, open the Play Store app and look for the “Play Protect” option in the menu.
How the Joker 'hides'
In January, Google revealed that it had removed more than 1,700 apps containing Joker (which the company calls “Bread”) since its discovery in 2017. In July and August, another 17 apps containing Joker were identified by security firms Check Point and Pradeo.
Experts point out that Joker adopts several techniques to circumvent security mechanisms and not be detected by Google store filters.
The virus code is always downloaded after the initial installation of the app, which means that the version registered in the Play Store does not contain the digital plague.
Although the virus itself almost always acts in the same way, the method used to download it varies from one app to another.
Zscaler reported, for example, that some use a two-stage installation – that is, the seemingly harmless malicious app registered on the Play Store downloads another malicious app (first stage) which then downloads the virus (second stage).
In other versions, the download occurs in a single step, but the mechanism for hiding the address varies – from encryption to “useless” words in the middle of the address, which are ignored by the code.
With these small differences, it is not easy to detect all malicious apps registered in the Play Store after a single version of the virus is identified, nor to adopt filters capable of identifying future versions of the program.
Users, however, can take precautions by avoiding installing applications with very low ratings , recently registered applications or with other suspicious signs.
Source: