Squid Game app downloaded thousands of times was really Joker malware in disguise

midian182

Posts: 7,271   +65
Staff member
In brief: Squid Game has set the internet on fire. With Netflix’s hit on everyone’s lips, people are rushing to download everything and anything related to the Korean show, including a wallpaper app from the Play Store that was packed with malware.

There is no official Squid Games app—not counting Netflix, of course—yet ESET’s Android malware researcher Lukas Stefanko tweeted that there are over 200 applications related to the series listed on the Play Store, and at least one of them was yet another piece of malicious software that slipped past Google’s safeguards.

Forbes reports that an Android security researcher using the handle @ReBensk discovered the Squid Game wallpaper app. It was later analyzed by Stefanko, and both concluded it to be a brand of Joker malware.

We’ve seen Joker on the Play Store plenty of times before. It can surreptitiously sign its victims onto premium subscription services by simulating the sign-up process. It’s also able to steal SMS messages, contact lists, and device information. In 2019, it was detected in 24 apps that had over 472,000 downloads, and 64 new variants appeared on Google’s storefront last year.

The Joker variant in this case targeted victims with ad frauds and signed them up to expensive SMS services without their knowledge. The good news is that Google identified the app and removed it from the store, but not before it was downloaded at least 5,000 times.

It’s always best to be wary of unofficial apps taking advantage of something that’s suddenly become popular, be it games, movies, or TV shows. A “mobile version” of Cyberpunk 2077 arrived not long after the game's launch that turned out to be ransomware.

Stefanko noted that all the other Squid Game apps he checked were free of malware, though they were packed with benign ads. But it’s always worth checking the reviews to ensure that what you’re downloading is on the level.

Permalink to story.

 

Uncle Al

Posts: 8,344   +7,154
LOL .... all you need to do it buy a set of their tires and you'll understand the disdain for all things Korean ....
 

Sausagemeat

Posts: 1,036   +863
There isn’t a single app with squid game in the name on the iOS App Store. Shows just how much more secure iOS is than Android. And this is only in the news because it’s squid game and journalists know that it will get hits. The vast majority of malware out there on the play store just sits in plain sight and nobody seems to give a dam.

 

QuantumPhysics

Posts: 5,436   +6,217
I believe people caught making malware and viruses should be subject to public, intercontinental, televised beatings.

Singapore style.

Can I get an AMEN?
 

Geralt

Posts: 790   +1,187
There isn’t a single app with squid game in the name on the iOS App Store. Shows just how much more secure iOS is than Android. And this is only in the news because it’s squid game and journalists know that it will get hits. The vast majority of malware out there on the play store just sits in plain sight and nobody seems to give a dam.
No comparison between the Android's universe and the Apple's doll-as$-like closed ecosystem.
 

Sausagemeat

Posts: 1,036   +863
No comparison between the Android's universe and the Apple's doll-as$-like closed ecosystem.
Lol, these apps are all on Google’s play store, which is a closed eco system (technically you void your warranty if you side load apps from outside the App Store). Google clearly
don’t vet their App Store as well as Apple does.

Of course despite Googles App Store being full of malware, a larger percentage of malware comes from people who download outside of the play store.

Android is just a hot mess, that’s what happens when it’s open and no one takes responsibility of the eco system.
 

captaincranky

Posts: 17,623   +6,411
Beating only? I prefer shooting.
This is something I would have liked to have seen during the George Floyd protests.

The government should have declared martial law, allowed the protesters to march peacefully all they wanted, but shot looters on sight.

A bit closer to topic, if we could find the individuals responsible for ransomware, and send a seal team to take them out.

But, I suppose having US operatives roaming around within Russian borders, would doubtless lead to an "international incident"..
 
Last edited:

kiwigraeme

Posts: 645   +495
Lol, these apps are all on Google’s play store, which is a closed eco system (technically you void your warranty if you side load apps from outside the App Store). Google clearly
don’t vet their App Store as well as Apple does.

Of course despite Googles App Store being full of malware, a larger percentage of malware comes from people who download outside of the play store.

Android is just a hot mess, that’s what happens when it’s open and no one takes responsibility of the eco system.


But it's not the guns that kill people
 

0dium

Posts: 275   +329
Lol, these apps are all on Google’s play store, which is a closed eco system (technically you void your warranty if you side load apps from outside the App Store). Google clearly
don’t vet their App Store as well as Apple does.

Of course despite Googles App Store being full of malware, a larger percentage of malware comes from people who download outside of the play store.

Android is just a hot mess, that’s what happens when it’s open and no one takes responsibility of the eco system.
So I assume you are not using windows
 

captaincranky

Posts: 17,623   +6,411
But it's not the guns that kill people
That's only partially true. Within our larger US cities, there are certain elements of our society, intent on "thinning their own herd", so to speak. Which is fine with me. Unfortunately, they don't kill enough of each other, and murder too many innocent windshields in the process.
 

Sausagemeat

Posts: 1,036   +863
So I assume you are not using windows
Lmao. I do use windows because I have no choice mate. It’s the only OS that runs the games I play. But I do make sure I don’t do any online banking or keep any sensitive documents on my windows machine. This isn’t really for security purposes, it’s more that my windows gaming Pc is a bit like a piano. It sits in the spare room and I only go in there to play games.

I exclusively use iOS for email and banking these days.