Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Careful: ‘Smart TV remote’ Android App on Google Play is Malware

Careful: ‘Smart TV remote’ Android App on Google Play is Malware

Two Android apps available on the Google Play store have been found to contain malware this week.

These apps are called ‘Smart TV remote’ and ‘Halloween Coloring’, with the former having been downloaded at least 1,000 times.

Also Read: Management Training PDF for Effective Managers and Leaders

Smart TV remote app packs ‘Joker’ malware

This week, Tatyana Shishkova, Android malware analyst at Kaspersky disclosed the names of two Google Play apps that are laced with Joker malware.

At least one of these apps, ‘Smart TV remote’ has been installed over 1,000 times thus far since its publication on October 29th.

According to Shishkova, these apps are trojanized with the Joker malware:

As previously reported by BleepingComputer, the threat actors behind the Joker malware hide malicious code in seemingly benign apps and publish these to official app stores. Earlier this year, over 500,000 Huawei Android devices were found to be infected with Joker.

Also Read: PDPA Laws And Regulations; A Systematic Guidelines In Singapore

The malware is known to subscribe users to premium mobile services without their consent or knowledge.

Obfuscated code packs ELFs and downloads APKs

To better analyze the malicious code, BleepingComputer obtained the Android apps and decompiled these APKs.

As also confirmed by Shishkova, the malicious code exists in the “resources/assets/kup3x4nowz” file within the Smart TV remote app. For the Halloween Coloring app, an identical file named “q7y4prmugi” exists at the same location.

These files contain base64 code, shown below, packing a Linux ELF binary:

base64 code inside APK
Base64 packed ELF inside the malicious Android app (BleepingComputer)

This ELF binary further downloads second-stage payload hosted on an Amazon AWS instance. The URLs  contained in the ELFs to second-stage payload are:Smart TV remote app:[.]com/yr41ajkdp5
Halloween Coloring app:[.]com/vl39sbv02d

aws url to payload
Second stage payload downloaded from an AWS server (BleepingComputer)

As checked by BleepingComputer, these files yr41ajkdp5 and vl39sbv02d being XOR-encrypted themselves, are not detected by any of the leading antivirus engines thus far.

Decoding these files with an XOR key ‘0x40’ however, produces APK archives. In essence, the quasi-benign ‘Smart TV remote’ and ‘Halloween Coloring’ apps are a front for downloading malicious apps onto your Android devices.

Last month, malicious “photo editor” apps were also caught sitting on the Google Play store by Shishkova and Maxime Ingrao, a security researcher at mobile payments cybersecurity firm Evina.

BleepingComputer has reported the malicious ‘Smart TV remote’ and ‘Halloween Coloring’ apps to Google Play prior to publishing.

It is plausible, Google Play Protect might eventually catch these apps and offer automatic protection to affected users, despite the initial miss leading to the apps’ publication on Play store.

“Google Play Protect checks apps when you install them. It also periodically scans your device. If it finds a potentially harmful app, it might send you a notification,… disable the app until you uninstall it, [or] remove the app automatically,” state Google’s official docs.

In the meantime, users who have installed either of these apps should uninstall the app immediately, clean up their smartphone, and check for any unauthorized subscriptions or billing activity initiated from their accounts.

Update 11 Nov 13:14 ET: A Google spokesperson told BleepingComputer, “Both apps have been removed and the developers have been banned.”



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us