The apps are: Convenient Scanner 2, Safety AppLock, Push Message-Texting & SMS, Emoji Wallpaper, Separate Doc Scanner and Fingertip GameBox, reports cyber security firm Pradeo.
“The infected applications have now been deleted from Google Play, but are still installed on the devices of their users,” Pradeo said.
Joker is a malicious bot (categorised as Fleeceware) whose main activity is to simulate clicks and intercept SMS to subscribe to unwanted paid premium services unbeknownst to users.
By using as little code as possible and thoroughly hiding it, Joker generates a very discreet footprint that can be tricky to detect.
In the last year, the malware was found hiding in hundreds of apps.
“Users are advised to immediately delete them from their device to avoid fraudulent activities,” the cyber security firm advised.
Google has removed over 1,700 apps containing Joker malware from the Play Store since 2017.
In July this year, researchers at cybersecurity firm Check Point discovered a new variant of the Joker Dropper and Premium Dialer spyware in Google Play.
Hiding in seemingly legitimate applications, this updated version of Joker was able to download additional malware to the device, which subscribes the user to premium services without their knowledge or consent.
Joker, one of the most prominent types of malware for Android, keeps finding its way into Google’s official application market as a result of small changes to its code, which enables it to get past the Play store’s security and vetting barriers.