A new variant of the elusive Joker malware has found its way into Google Play Store. 

The scoop

The threat actors behind the Joker malware have evaded Google Play Store’s defenses once again and slipped infected apps into the store by hiding malicious code within legitimate apps. The malware is designed to steal victims’ messages, contact lists, and device information, while also subscribing users to premium services without their consent.

Method of infection

  • Building payload - a payload is built and then inserted into the Android manifest file (AndroidManifest.xml).
  • Skipping payload loading - during evaluation, the malware doesn’t load the payload, which makes bypassing the app store protections a lot easier.
  • Malware propagation - once the app has been approved, the campaign is fully functional.
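
As an added illustration (not code from this article or from the researchers), the Python below is a defender-side check for the first step above: it flags attribute values in a manifest that look like an embedded encoded blob. It assumes the manifest has already been decoded to text XML and that the payload appears as a long Base64-looking string, which the article does not state; the thresholds, names and sample manifest are constructed for the example.

```python
import base64
import binascii
import math
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Assumed thresholds for this example; tune them against known-good apps.
MIN_LEN = 64          # ignore short values such as ordinary API keys
MIN_ENTROPY = 4.0     # bits per character; filters repetitive filler
B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")

# Constructed sample manifest (already decoded to text). The package name,
# keys and the long value are made up; the blob is just bytes 0..255 encoded.
BLOB = base64.b64encode(bytes(range(256))).decode()
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.wallpaper">
  <application android:label="Wallpapers">
    <meta-data android:name="com.example.API_KEY" android:value="demo-key-1234"/>
    <meta-data android:name="com.example.help" android:value="https://example.com/help/getting-started/with-wallpapers/index.html"/>
    <meta-data android:name="com.example.cfg" android:value="{blob}"/>
    <activity android:name=".MainActivity"/>
  </application>
</manifest>""".format(blob=BLOB)

def shannon_entropy(text):
    """Shannon entropy of a string, in bits per character."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def decodes_as_base64(value):
    """True only if the whole value is well-formed Base64."""
    if len(value) % 4 or not B64_RE.match(value):
        return False
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False

def suspicious_manifest_values(manifest_xml):
    """Return (element tag, attribute name, value length) for each flagged value."""
    findings = []
    for elem in ET.fromstring(manifest_xml).iter():
        for attr, value in elem.attrib.items():
            if (len(value) >= MIN_LEN and decodes_as_base64(value)
                    and shannon_entropy(value) >= MIN_ENTROPY):
                # Strip the "{namespace}" prefix ElementTree adds to android:* names.
                findings.append((elem.tag, attr.split("}")[-1], len(value)))
    return findings
```

A hit is a reason to inspect the app further, not proof of infection; legitimate apps also keep encoded configuration in the manifest.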

This isn’t the first instance

  • In January 2020, approximately 1700 apps infected with the malware were removed from the Play Store.
  • Last year, 24 apps were found in the Play Store to be infected with the malware.

Closing words

The bottom line is that Joker seems to adapt quickly, and Google Play Store protections alone aren’t enough to protect users. The list of 11 malicious applications can be found here; users are advised to remove them immediately and check their bills for any unwanted transactions.

Cyware Publisher