Joker Malware Continues to Go Strong Against Android Users

Joker returns

• Zscaler’s ThreatLabZ research team recently observed a new Joker malware variant that was distributed via 11 different apps on Google Play Store. 
• The names of the infected apps were Free Affluent Message, PDF Photo Scanner, Delux Keyboard, Comply QR Scanner, PDF Converter Scanners, Font Style Keyboard, Translate Free, Saying Message, Private Message, Read Scanner, and Print Scanners.  
• Upon discovery, the researchers notified the Google Android Security Team who took prompt action to remove the suspicious apps from its Play Store. 

Some interesting facts your way

• Along with the discovery of a new threat, some interesting facts have come forth during the investigation.
• It was found that Joker authors used a name dictionary system to derive the publisher names for their malicious apps. 
• In order to bypass the Google Play store vetting process, this time, the malware had used URL shortener services to retrieve the first level of payload. 

The repeated offender

• Joker malware authors repeatedly target some categories of apps in different campaigns. 
• Based on the 50+ payloads observed in the last two and half months, the five categories that have been targeted mostly belong to tools (41%), communications (28%), personalization (22%), photography (7%), and heath & fitness (2%). 
• In the first week of July, Joker was held responsible for infecting and pilfering sensitive data of Android users by posing as a free QR scanner.
• In June, Quick Heal Security Labs reported to Google about eight Joker malware-laced apps that stole SMS messages, contact lists, and device information of users.

What does this indicate?