Taking advantage of the growing craze of the dystopian South Korean horror series Squad Games—cybercriminals are now targetting unsuspecting individuals in the name of Netflix’s series.
Cybersecurity expert and researcher Lukas Stefanko, who studies malware at security firm ESET, through a tweet revealed that a notorious app called ‘Squid Wallpaper 4K HD’, which was available on Google Play Store (not available now), was developed by threat actors to infect Android phones with the Joker malware.
Interestingly, the Joker malware has been spotted on Google Play Store earlier as well, but this is the first instance of a Squid Game-based app being used to spread it.
What happens if you download the app?
Stefanko in his post notes that the malicious app had been installed more than 5,000 times before it was identified and taken down. The app could download and execute native libraries and even execute malicious apps on the target devices.
Squid Game themed Android Joker
1) downloads and executes native lib
2) native lib downloads and executes apk payload
Running this app on device might result in malicious ad-fraud and/or unwanted SMS subscription actionshttps://t.co/PTDtPlUkBy pic.twitter.com/AFs8gkEuab
— Lukas Stefanko (@LukasStefanko) October 19, 2021
The cyber researcher further warned that the flagged app allowed hackers to carry out “malicious ad-fraud and/or unwanted SMS subscription actions”. Besides gaining unauthorised access to one’s bills, the malware also allows certain operations without receiving consent from the user.
Cybercriminals could also sign up affected users for premium services, which can cost them a lot of money. It is worth noting that anyone downloading the “Squid Game Wallpaper 4K HD” app is said to be falling victim to a costly SMS scam.
How can you stay safe?
Stefanko asserted in the tweet that at least 200 apps based on Squid Game are available on Google Play. The most downloaded out of these apps reached one million downloads within 10 days.“Seems like a great opportunity to make money on in-app ads from one of the most popular TV shows without an official game,” he stated.
Considering how cybercriminals can use the craze to trick people into falling trap to such malware, users need to be very cautious while installing any applications on their devices. The best course of action for Android users is to delete such apps from their devices to minimize the chances of getting the Joker malware. In addition, packing your device with anti-malware can go a long way to protect against viruses.