Another batch of Joker Trojan-infected Android apps have resurfaced on the Google Play Store

Another batch of Joker Trojan-infected Android apps have resurfaced on the Google Play Store

“They’re usually spread on Google Play, where scammers download legitimate apps from the store, add malicious code to them and re-upload them to the store under a different name,” Kaspersky researcher Igor Golovin said in a report published last week. The trojanized apps, taking the place of their removed counterparts, often appear as messaging, health tracking, and PDF scanner apps that, once installed, request permissions to access text messages and notifications, abusing them to subscribe users to premium services.

A new collection of trojanized applications has been discovered spreading across the Google Play Store, delivering the renowned Joker virus on vulnerable Android devices. A repeat offender, Joker, refers to a type of malicious programmes that are used for billing and SMS fraud, as well as a variety of malicious hacker’s choice acts, such as stealing text messages, contact lists, and device information. Despite Google’s ongoing efforts to strengthen its security, the programmes have been constantly iterated to look for vulnerabilities and get into the app store unnoticed.



  • A sneaky trick used by Joker to bypass the Google Play vetting process is to render its malicious payload “dormant” and only activate its functions after the apps have gone live on the Play Store. Three of the Joker-infected apps detected by Kaspersky through the end of February 2022 are listed below. Although they have been purged from Google Play, they continue to be available from third-party app providers.  (, and Camera PDF Scanner (com.jiao.hdcam.docscanner). This is not the first time subscription trojans have been uncovered on app marketplaces. Last year, apps for the APKPure app Store and a widely-used WhatsApp mod were found compromised with malware called Triada.