Several Play Store apps found spreading Joker, Facestealer and Coper malware


Google blocked several malicious apps from the Play Store that were distributing Joker, Facestealer, and Coper malware families.

The researchers from security firm Pradeo discovered multiple apps spreading the Joker Android malware.

The Joker malware is a malicious code camouflaged as a system app and allows attackers to perform a broad range of malicious operations, including disabling the Google Play Protect service, installing malicious apps, generating fake reviews, and showing ads.

The spyware can steal SMS messages, contact lists, and device information and to sign victims up for premium service subscriptions.

4 new malicious apps were found on Google Play that were infected with the Joker malware that act as droppers. According to the researchers the apps have been installed by 100.000+ users.

The researchers from ThreatLabz stated that they have discovered over 50 unique Joker downloader apps on the Play Store. These apps were downloaded by more than 300k users.

The experts also discovered malicious apps infected with the Facestealer and Coper malware.

The Facestealer spyware that was first spotted in July 2021 by Dr. Web researchers was designed to steal Facebook users’ logins and passwords and authentication tokens.

The Coper malware is a banking trojan that targets banking applications in Europe, Australia, and South America. By using these malware, the attackers can gain information and access to steal money from victims.

Facestealer and Coper dropper apps were uploaded to the Play Store as Vanilla Camera (cam.vanilla.snapp) and Unicc QR Scanner (com.qrdscannerratedx).

The researchers recommend that if you become a victim of a malicious app from the Play Store, inform Google about it immediately through the support options in your play Store app.


Please enter your comment!
Please enter your name here