Tatyana Shishkova, an android malware analyst at Kaspersky disclosed two Google Play apps named ‘Smart TV remote’ and ‘Halloween Coloring’, are loaded with Joker malware, with the former having been downloaded at least 1,000 times.
The malware is known to subscribe to users on premium mobile services without their consent or knowledge.
The threat actors behind the Joker malware hide malicious code in seemingly benign apps and publish these to official app stores. Earlier this year, over 500,000 Huawei Android devices were found to be infected with Joker.
It is plausible, Google Play Protect might eventually catch these apps and offer automatic protection to affected users, despite the initial miss leading to the apps’ publication on Play store.
“Google Play Protect checks for apps when you install them. It also periodically scans your device. If it finds a potentially dangerous app, it may send you a notification, … disable the app until you uninstall it, [or] delete the application automatically “, say Google official documents.