White Hat Institute

A new Joker malware app has been downloaded by over 500,000 Android users from the Google Play Store

[Image: Color Message Joker. Retrieved from industrialcyber.co]

An Android application with over 500,000 installs from the Google Play app store has been found to be infected with malware that secretly sends users’ contact information to an attacker-controlled server and signs them up for unwanted paid premium memberships without their permission.

The recent Joker malware was discovered in the “Color Message” application, a communication app that has since been withdrawn from the official app marketplace. It has also been seen faking clicks to generate revenue from fraudulent adverts, as well as connecting to Russian servers.

According to mobile security company Pradeo, Color Message “retrieves individuals’ contact information and exfiltrates it across the network and instantly subscribes to dubious premium services.” “The application has the ability to disguise its icon once deployed, finding it challenging to uninstall.”

The Color Message creators write in their terms and conditions that they are devoted to ensuring that the software is as useful and efficient as possible. As a result, they reserve the right to make changes to the app at any time and for any reason, as well as to charge for its services. They’ll never charge you for the app or its services until they’ve made it crystal clear what you’re paying for.

Joker has been a well-known malware family since its emergence in 2017, notorious for a variety of harmful actions, including financial fraud and intercepting SMS messages, contact information, and device information without users’ knowledge. According to Android’s Security and Privacy Team, the malware’s developers have at some point used almost every disguising and obfuscation technique under the sun in an effort to go unnoticed.