Google Play app with 500,000 downloads sent user contacts to Russian server


An Android app with more than 500,000 downloads from Google Play has been caught hosting malware that surreptitiously sends users’ contacts to an attacker-controlled server and signs up users to pricey subscriptions, a security firm reported.

The app, named Color Message, was still available on Google servers at the time this post was being prepared. Google removed it more than three hours after I asked the company for comment.

Ostensibly, Color Message enhances text messaging by doing things such as adding emojis and blocking junk texts. But researchers at Pradeo Security said on Thursday that Color Message contains a family of malware known as Joker, which has infected millions of Android devices in the past.

“Our analysis of the Color Message application through the Pradeo Security engine shows that it accesses users’ contact list and exfiltrates it over the network,” the company’s blog post stated. “Simultaneously, the application automatically subscribes to unwanted paid services unbeknownst to users. To make it difficult to be removed, the application has the capability to hide its icon once installed.”

fails to disclose the extent of the actions the app can perform on users’ devices.

As usual, Android users should be circumspect before downloading apps. A good rule of thumb is to download apps only when they provide a true benefit and then to choose ones made by known companies, when possible. People should also read the user reviews to see if there are reports of malice.
