Google has been tracking these apps since 2017, and now finally, has removed 11 apps from the Play Store which were infected with the notorious Joker malware.

 

White Ops’ Satori threat intelligence team discovered these 29 apps as part of their “CHARTREUSEBLUR” investigation. The word blur in the codename of the investigation is due to the fact that most of the malicious apps were photo editing apps that had a blur feature. As for the word “chartreuse” the team just found it fun to say and that the liquor is tasty.

 

These Android apps were found running out-of-context (OOC) ads which are said to be used to avoid detection. After the user installs any of these apps, the launch icons would immediately disappear from the phone. This made it difficult for users to remove malicious app from their phones.

 

Google bans these apps for injecting malware

One such app with adware was the Square Photo Blur app. The Satori team tested this app and discovered a “hollow shell of an app” which managed to pass the Play Store security checks. The app obviously didn’t function as advertised and instead ran OOC ads on phones. Once the app was installed on the phone the launch icon disappeared and there was no “open” function on the Play Store either.

 

Ads that popped on up through these apps happened within intervals of only a few seconds. Also, almost every action the user performed on their phone triggered a code in the app for ads to pop-up. Some of these actions include unlocking the phone, uninstalling an app, charging the phone, or even switching from mobile data to Wi-Fi. The ads pop up and occupy the whole screen of the phone. It’s not just ads though. The Square Photo Blur app even managed to launch an OOC web browser randomly.

 

29 Android apps have been identified with this malicious adware. But there could be more in the future. You can find the full list of apps here and uninstall them. The Satori team also advises to look out for hints like – reviews of the apps mentioning ads popping up all the time, apps disappearing after downloading it, a lot of 5-star reviews but recent ones are mostly 1-star, the app doesn’t work as advertised, the app received a lot of downloads in a very short time. Some of these points can act as indicators that the app is probably a malicious one.

List of 25 apps banned by Google:

  1. Super Wallpapers Flashlight
  2. Powerful Flashlight
  3. Super Bright Flashlight
  4. Super Flashlight
  5. Wallpaper Level
  6. Contour level wallpaper
  7. Iplayer & iwallpaper
  8. Video maker
  9. Color Wallpapers
  10. Pedometer
  11. Solitaire
  12. Accurate scanning of QR code
  13. Classic card game
  14. Junk file cleaning
  15. Padenatef
  16. Synthetic Z
  17. File Manager
  18. Composite Z
  19. Screenshot capture
  20. Daily Horoscope Wallpapers
  21. Wuxia Reader
  22. Plus Weather
  23. Anime Live Wallpaper
  24. iHealth step counter
  25. Com.tyapp.fiction