Taking advantage of the growing craze for the dystopian South Korean horror series Squad Games, cybercriminals are now targeting unsuspecting individuals in the name of the Netflix series.
Cybersecurity expert and researcher Lukas Stefanko, who studies malware at security firm ESET, revealed through a tweet that a notorious app called “Squid Wallpaper 4K HD”, which was available on the Google Play Store (not available now), was developed by threat actors to infect Android phones with the Joker malware.
Interestingly, the Joker malware was also spotted on the Google Play Store earlier, but this is the first time that a Squid Game-based app has been used to distribute it.
What happens if you download the app?
Stefanko in his article notes that the malicious application was installed over 5,000 times before it was identified and removed. The app can download and run native libraries and even run malicious apps on target devices.
Joker Android Themed Squid Game
1) download and run native library
2) native library downloads and runs apk payload
Running this app on the device may result in malicious ad fraud and / or unwanted SMS subscription actions https://t.co/PTDtPlUkBy pic.twitter.com/AFs8gkEuab
– Lukas Stefanko (@LukasStefanko) October 19, 2021
The cyber researcher further warned that the reported application allowed hackers to perform “malicious ad fraud and / or unwanted SMS subscription actions”. In addition to gaining unauthorized access to its invoices, the malware also allows certain operations without receiving the user’s consent.
Cybercriminals could also sign up affected users for premium services, which can cost them dearly. It should be noted that anyone who downloaded the “Squid Game Wallpaper 4K HD” app would be the victim of an expensive SMS scam.
How can you stay safe?
Stefanko claimed in the tweet that at least 200 Squid Game based apps are available on Google Play. The most downloaded of these apps reached one million downloads in 10 days. “This seems like a great opportunity to make money on in-app ads for one of the most popular TV shows without an official game,” he said.
Considering how cybercriminals can use the craze to trick people into falling for such malware, users need to be extra careful when installing apps on their devices. The best course of action for Android users is to remove these apps from their devices in order to minimize the chances of catching the Joker malware. Additionally, wrapping your device with anti-malware can go a long way in protecting you from viruses.