Joker Trojan infected apps on Google Play Store

October 10, 2020

Financial institutions, app makers, and app users closely tied to the financial industry must take extra precautions: malicious applications can make it onto the Play Store, and malware such as the Joker Trojan can drain a victim financially once a device is infected.

The Joker Trojan (also known as Bread Malware) has been recognized as one of the most persistent and advanced cyber threats, and it has been sneaking into applications since its discovery in early 2017. Joker-infected applications have passed Google's defenses and reached the Google Play Store several times.

Recently, a cybersecurity firm identified 17 Joker-infected applications available for download on the Google Play Store, which Google promptly removed. The applications posed as utility and productivity apps such as SMS messaging, language translator, document scanner, application locker, fonts and emoticons, and keyboard user interface.


In a short amount of time, the Joker-infected apps amassed around 120,000 total downloads before being discovered as a malicious threat.


The researchers found that, across the infected apps, the final payload was delivered in several ways: from a direct URL acquired from a C2 server, through a single-stage payload download, or through a two-stage payload download.

Google’s security team has been acting against several different batches of Joker-infected apps that have been active over the past months.

  • This August, Google removed 6 apps with the Joker Trojan embedded that posed as wallpaper, text, and emoji icon set apps and accounted for 200,000 total downloads and installs.
  • Around 1,700 unique apps on the Google Play Store have been detected and recorded as infected by the Joker malware since it was discovered in 2017; all of them were removed by the security team.

Persistent malware threats such as the Joker Trojan have consistently targeted the Google Play Store platform over the years. Educating and informing end users will remain a critical part of the defense against these publicly available mobile applications. Pay more attention to the permissions given to the applications you have installed, especially those that require access to contact information, call logs, SMS, geographical location, and other private details requiring privilege elevation from the user.
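The permission review described above can be automated for an app's manifest. The following is an added example, not code from the original article or from any vendor: it compares the sensitive data a manifest requests against what the advertised app type plausibly needs. The `EXPECTED` baseline, the function names, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions covering the data the article says to watch.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_SMS": "SMS",
    "android.permission.SEND_SMS": "SMS",
    "android.permission.RECEIVE_SMS": "SMS",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
}

# Assumption: sensitive data each advertised app type plausibly needs.
EXPECTED = {
    "sms messaging": {"SMS", "contacts"},
    "wallpaper": set(),
    "document scanner": set(),
    "language translator": set(),
}

def sensitive_groups(manifest_xml):
    """Return the set of sensitive data groups a manifest requests."""
    root = ET.fromstring(manifest_xml)
    groups = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name", "")
            if name in SENSITIVE:
                groups.add(SENSITIVE[name])
    return groups

def unexpected_access(app_type, manifest_xml):
    """Sensitive groups requested beyond what the advertised type needs."""
    return sorted(sensitive_groups(manifest_xml) - EXPECTED.get(app_type, set()))

# Constructed sample: an app advertised as a wallpaper tool.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
</manifest>"""

if __name__ == "__main__":
    print(unexpected_access("wallpaper", SAMPLE_MANIFEST))
```

A non-empty result is a prompt for manual review rather than a verdict, since the baseline is only as good as the per-category expectations you maintain.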
