Google has been tracking these apps since 2017, and now finally, has removed 11 apps from the Play Store which were infected with the notorious Joker malware.
White Ops’ Satori threat intelligence team discovered these 29 apps as part of their “CHARTREUSEBLUR” investigation. The word blur in the codename of the investigation is due to the fact that most of the malicious apps were photo editing apps that had a blur feature. As for the word “chartreuse” the team just found it fun to say and that the liquor is tasty.
These Android apps were found running out-of-context (OOC) ads which are said to be used to avoid detection. After the user installs any of these apps, the launch icons would immediately disappear from the phone. This made it difficult for users to remove malicious app from their phones.
Google bans these apps for injecting malware
One such app with adware was the Square Photo Blur app. The Satori team tested this app and discovered a “hollow shell of an app” which managed to pass the Play Store security checks. The app obviously didn’t function as advertised and instead ran OOC ads on phones. Once the app was installed on the phone the launch icon disappeared and there was no “open” function on the Play Store either.
Ads that popped on up through these apps happened within intervals of only a few seconds. Also, almost every action the user performed on their phone triggered a code in the app for ads to pop-up. Some of these actions include unlocking the phone, uninstalling an app, charging the phone, or even switching from mobile data to Wi-Fi. The ads pop up and occupy the whole screen of the phone. It’s not just ads though. The Square Photo Blur app even managed to launch an OOC web browser randomly.
29 Android apps have been identified with this malicious adware. But there could be more in the future. You can find the full list of apps here and uninstall them. The Satori team also advises to look out for hints like – reviews of the apps mentioning ads popping up all the time, apps disappearing after downloading it, a lot of 5-star reviews but recent ones are mostly 1-star, the app doesn’t work as advertised, the app received a lot of downloads in a very short time. Some of these points can act as indicators that the app is probably a malicious one.
List of 25 apps banned by Google:
- Super Wallpapers Flashlight
- Powerful Flashlight
- Super Bright Flashlight
- Super Flashlight
- Wallpaper Level
- Contour level wallpaper
- Iplayer & iwallpaper
- Video maker
- Color Wallpapers
- Pedometer
- Solitaire
- Accurate scanning of QR code
- Classic card game
- Junk file cleaning
- Padenatef
- Synthetic Z
- File Manager
- Composite Z
- Screenshot capture
- Daily Horoscope Wallpapers
- Wuxia Reader
- Plus Weather
- Anime Live Wallpaper
- iHealth step counter
- Com.tyapp.fiction