What is the Joker malware that affects apps on the Google Play Store

The Joker trojan has found its way onto the Google Play Store once again. Last year, and again in February this year, the Joker malware infected several apps, which Google later removed from the Play Store. The malware has now returned to the Play Store and affected some apps that could be installed on your phone. Google has removed as many as 11 apps from the Play Store.

The infected apps include:

com.imagecompress.android

com.relax.relaxation.androidsms

com.cheery.message.sendsms

com.peason.lovinglovemessage

com.contact.withme.texts

com.hmvoice.friendsms

com.file.recovefiles

com.LPlocker.lockapps

com.remindme.alram

com.training.memorygame

The Joker malware steals money from users by subscribing them to paid subscriptions without their consent. It first simulates interaction with ads without users’ knowledge and then steals the victim’s SMS messages including OTP to authenticate payments.

This means that affected users might not know that they have been signed up for a paid subscription service, or that money has been deducted from their account, unless they receive a message or notification such as a credit card statement.

According to Check Point, “Joker keeps finding its way into Google’s official application market as a result of small changes to its code, which enables it to get past the Play store’s security and vetting barriers.” This time two new variants of the Joker Dropper and Premium Dialer spyware have been discovered in the Play Store. These were found hiding inside of some “seemingly legitimate apps”.

The report stated that this time the malicious actor behind Joker “adopted an old technique from the conventional PC threat landscape and used it in the mobile app world to avoid detection by Google.”

This time the Joker malware used two components – “Notification Listener service that is part of the original application, and a dynamic dex file loaded from the C&C server to perform the registration of the user to the services.”

The report further stated, “In an attempt to minimize Joker’s fingerprint, the actor behind it hid the dynamically loaded dex file from sight while still ensuring it is able to load – a technique which is well-known to developers of malware for Windows PCs. This new variant now hides the malicious dex file inside the application as Base64 encoded strings, ready to be decoded and loaded.”
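
A defender's check for the hiding technique Check Point describes, as an added example that is not from the article or from Check Point's report: it looks inside each file of an APK for a Base64 string that decodes to a DEX header. The function names and the sample APK are constructed for illustration, and a payload split across several strings or otherwise obfuscated would not be caught.

```python
import base64
import io
import re
import zipfile

# DEX files start with "dex\n", a three-digit version such as "035", then NUL.
DEX_MAGIC = re.compile(rb"dex\n0\d\d\x00")
# Base64 of a payload starting "dex\n0" begins with these six characters.
B64_DEX_PREFIX = re.compile(rb"ZGV4Cj")


def find_embedded_dex(data: bytes) -> list[int]:
    """Return offsets in `data` where a Base64 string decodes to a DEX header."""
    hits = []
    for m in B64_DEX_PREFIX.finditer(data):
        head = data[m.start():m.start() + 12]  # 12 chars -> 9 bytes, covers the magic
        try:
            decoded = base64.b64decode(head, validate=True)
        except ValueError:  # truncated or non-Base64 bytes: not a candidate
            continue
        if DEX_MAGIC.match(decoded):
            hits.append(m.start())
    return hits


def scan_apk(apk_bytes: bytes) -> dict[str, list[int]]:
    """Map each APK entry name to the offsets of Base64-encoded DEX headers in it."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            hits = find_embedded_dex(apk.read(name))  # read() decompresses the entry
            if hits:
                findings[name] = hits
    return findings


def build_sample_apk() -> bytes:
    """Constructed sample: a ZIP laid out like an APK with a fake Base64 DEX string."""
    payload = base64.b64encode(b"dex\n035\x00" + bytes(32))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("classes.dex", b"\x07\x00A" + payload + b"\x00")
        # Benign Base64, plus a near miss that decodes to "dex\n12345".
        z.writestr("res/raw/notes.txt", b"token=aGVsbG8gd29ybGQ= ZGV4CjEyMzQ1")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_apk(build_sample_apk()))
```

A hit is a reason to examine the app more closely, not proof of Joker on its own.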

If you have any of the aforementioned apps on your smartphone, delete them immediately.

Check Point suggests that you must uninstall infected applications from your device, check your mobile and credit-card bills to see whether you have been signed up for any subscriptions, and unsubscribe from them. To prevent Joker malware from affecting your device in the future, you must install a security solution on it.
