One of the most persistent pieces of malware targeting Android devices has reared its head again, this time appearing in 17 apps on the Google Play Store.

As security company Zscaler explains, the apps in question were infected with the Joker malware. It steals SMS messages, contact lists, and device information, but the most serious threat it poses to users is automatic sign-ups to premium wireless application protocol (WAP) services. With WAP billing, users get a shock next time they receive their mobile phone bill as the service costs are charged directly to it.

The Joker malware circumvents the Google Play app vetting process through a combination of code tweaks, execution method variation, and changes to how it downloads the payload allowing it to function, steal information, and trigger the WAP service sign-ups. Google has removed the 17 infected apps from the Play Store and disabled them on devices where they are installed, thought to be in the region of 120,000 devices. The list of apps includes:

• All Good PDF Scanner

• Blue Scanner

• Care Message

• Desire Translate

• Direct Messenger

• Hummingbird PDF Converter - Photo to PDF

• Meticulous Scanner

• Mint Leaf Message-Your Private Message

• One Sentence Translator - Multifunctional Translator

• Paper Doc Scanner

• Part Message

• Private SMS

• Style Photo Collage

• Talent Photo Editor - Blur focus

• Tangram App Lock

• Unique Keyboard - Fancy Fonts & Free Emoticons

• All Good PDF Scanner*

For full details, please click this link.