The app in question is known as Color Message, and it looked innocuous enough at first glance – claiming to make SMS texting a more “fun and beautiful” with new emojis and more.
And, to make matters worse, besides signing users up covertly to expensive subscription services the study found Color Message also extracted users’ contact list and sent this sensitive information to Russia.
Pradeo’s Roxane Suau wrote: “Our analysis of the Color Message application through the Pradeo Security engine shows that it accesses users’ contact list and exfiltrates it over the network. Simultaneously, the application automatically subscribes to unwanted paid services unbeknownst to users. To make it difficult to be removed, the application has the capability to hides it icon once installed.”
When the cybersecurity firm published its findings on Thursday December 16, they said the app was still available on the Google Play Store. Thankfully, since then, the software has been removed after ArsTechnica got in touch with Google about the threat.
However, while the app has been delisted from the Play Store that won’t help the hundreds of thousands of people that already have downloaded the app onto their Android phone.
If you’re among the over 500,000 people that have downloaded Color Massage then make sure you delete the app immediately.
You can delete it by opening the Google Play Store then heading to Menu > My Apps & Games. The select the compromised app and choose uninstall.
However, uninstalling an app loaded up with Joker won’t be enough to cancel any subscriptions you’ve secretly been signed up to.
To cancel any expensive subscriptions you didn’t agree to, open the Google Play Store once again. Make sure you’re logged into your account then head to Menu > Subscriptions.
Look over all of the premium subscriptions you’re signed up for and if you find any that are suspicious select it and then choose cancel subscription. You will then need to follow the on-screen instructions.
SOURCE