Another Popular Google Play App Found to Host Malware

'Color Message' has been removed, but was downloaded more than 500,000 times

Google Play app Color Message—which is said to have had over 500,000 downloads—has been removed from the Play Store after being linked to Joker malware.

Researchers from mobile security company Pradeo have discovered malware buried in the Color Message app on the Google Play store. More specifically, it's hiding Joker malware, which Pradeo says is extremely difficult to detect, thanks to leaving a small digital footprint. It can also be tricky to remove as it's able to hide its icon once it's been installed. According to Pradeo, Joker malware has been discovered in hundreds of apps over the past two years.

Someone holding a smartphone with a Malware warning on the front.

Pixabay / Mockup Photos & Olemedia / Getty Images

In Pradeo's words, the Joker malware is a form of fleeceware, which can access users' contact lists and send them out to other parties over the network. It also will quietly sign users up for paid services without their knowledge by intercepting SMS (Short Message Service) and simulating clicks.

The malware app uses a minimal amount of code to hide itself, making it tough to find once it's in place.

Pradeo points out that Color Message's terms and conditions did not explain the level of access the app would have or how much control it would be allowed. The brief description was also hosted on a single, unbranded blog page.

Upset young woman having problem with mobile phone

fizkes / Getty Images

Color Message has since been removed from the Google Play store, but it's recommended that you exercise caution when downloading any apps from unfamiliar developers.

Pradeo also highly recommends deleting the Color Message app immediately if you have it installed on your Android device.

Was this page helpful?