Google has been dealing with various alterations of the Joker malware for over a year. It is a sneaky piece of malware that’s been circulating in apps delivered via the Google Play store to Android devices.

Typically, a small piece of software is injected into the advertising framework or hidden in another part of an app. And when the user runs that app, if the user’s information, carrier network, and device meet certain criteria, another component of Joker kicks-in and downloads a more nefarious payload. When that payload is executed, Joker hides in the background on a device and silently spies on the user, stealing their contact lists, SMS messages, and other identifying data stored on the device. In addition, Joker mimics user interactions on premium advertising and subscription-based services, and leverages its access to SMS and other personal data to secretly sign people up for paid services.

A couple of days ago, researchers in cloud security company Zscaler’s ThreatLabz team identified 17 new apps carrying Joker, which Google quickly removed from the Play Store. Those apps included:

1. All Good PDF Scanner
2. Mint Leaf Message-Your Private Message
3. Unique Keyboard - Fancy Fonts & Free Emoticons
4. Tangram App Lock
5. Direct Messenger
6. Private SMS
7. One Sentence Translator - Multifunctional Translator
8. Style Photo Collage
9. Meticulous Scanner
10. Desire Translate
11. Talent Photo Editor - Blur focus
12. Care Message
13. Part Message
14. Paper Doc Scanner
15. Blue Scanner
16. Hummingbird PDF Converter - Photo to PDF
17. All Good PDF Scanner

If you have any of these applications on your phone, you should remove them immediately, and run an anti-malware app to scan your device.