Fake Squid Game app spreading Joker malware

Joker malware distributors exploit the name of a popular Netflix series. It was found on the Play Store by a Twitter user named ReBenks (changed his nickname soon after). Later, the malware researcher confirmed that the app is infected with the infamous Joker malware. Google already removed it from its app store but reportedly the app got over 5,000 downloads though.

Malware on the Google Play Store

Joker, categorized as a “fleecewear” malware, has been on the scene since 2017. It targets Android devices disguised as legitimate camera apps, messenger, games, translators and wallpapers. It is quite an upgraded Android malware. Since 2019 it has been trespassing Google app store scanners and been flooding it. Fleeceware is a billing fraud virus that, once installed on a device, intercepts the SMS. It subscribes its victims to different premium services controlled by fraudsters. Also, it steals messages, contact lists and other SMS you receive. Possibly, their usage may lead to massive data leaks – just like after the Clubhouse hacking. The victims get to know that their device has been infected only when the bill comes around.

The Squid Game is a nine-episode Korean drama that plays around innocent at first glance children games. People are encouraged to take part in this later revealed deadly game. The show turned out to be quite successful and is currently number one at the major streaming platform Netflix. The interesting fact is that the budget for this series consisted of $21.4 million to produce. And now it has made $900 million worldwide. The series is steadily spreading its way into culture with merchandise, memes and even real-life games.

Squid Game malicious app infected with Joker

It’s no big wonder that hackers decided to cash on it as well. A malware specialist investigated the suspicious app on the Google App Store. At first glance, it positioned itself as a wallpaper app themed to the sensation series Squid Game. But it turned out to be a whole set of malicious ads fraud and unwanted SMS subscriptions. The app is now unavailable at the Google App Store. But a lot of others are still there – you can see them on a screenshot above.

Joker-containing apps existed in masses outside the official app stores. But since 2019 they have been pretty hard on Google App Store. Researchers from Zimperium report that there are more than 1,800 Android applications with Joker virus inside. Most of them have been removed from Google Store for the past four years.

“Malicious actors have routinely found new and unique ways to get this malware into both official and unofficial app stores,” – one of the Zimperium analyses.

One of the ways they do so is to create their malicious apps in disguise in Flutter. It’s an open-source app development kit designed by Google. It allows developers to develop native apps for web, mobile and desktop from a single codebase. For the scanners apps done like this look legitimate and malicious-free.