Android smartphone users alert! The notorious Joker malware, known for infecting several Google Android apps, is back with another malicious scheme. 

Joker returns

  • Zscaler’s ThreatLabZ research team recently observed a new Joker malware variant that was distributed via 11 different apps on the Google Play Store.
  • The names of the infected apps were Free Affluent Message, PDF Photo Scanner, Delux Keyboard, Comply QR Scanner, PDF Converter Scanners, Font Style Keyboard, Translate Free, Saying Message, Private Message, Read Scanner, and Print Scanners.  
  • Upon discovery, the researchers notified the Google Android Security Team, which took prompt action to remove the suspicious apps from the Play Store.

 

Some interesting facts your way

  • Along with the discovery of a new threat, some interesting facts came to light during the investigation.
  • It was found that the Joker authors used a name dictionary system to derive the publisher names for their malicious apps.
  • This time, to bypass the Google Play Store vetting process, the malware used URL shortener services to retrieve the first-level payload.

The repeated offender

  • Joker malware authors repeatedly target certain categories of apps across different campaigns.
  • Based on the 50+ payloads observed in the last two and a half months, the five most targeted categories are tools (41%), communications (28%), personalization (22%), photography (7%), and health & fitness (2%).
  • In the first week of July, Joker was held responsible for infecting Android devices and pilfering users' sensitive data by posing as a free QR scanner.
  • In June, Quick Heal Security Labs reported eight Joker malware-laced apps to Google; the apps stole users' SMS messages, contact lists, and device information.

What does this indicate?

Joker malware authors are active and constantly changing their tactics in an attempt to bypass the vetting process of the Google Play Store. However, the Play Store is not the only place where malware can be found; it also appears on third-party app stores. Users must therefore exercise caution when downloading apps from both official and third-party app stores.

Cyware Publisher
