The Joker virus is back in action. We saw it last in July where the malware was being propagated via 11 apps on Google Play Store. While these apps were thrown out of the Play Store, Joker has again made its way back. 

What’s going on?

The Belgian Police issued a warning about the return of the Joker virus that is attacking Android devices - once more. The virus has been detected in eight apps in the Google Play Store; however, the apps have been removed by Google. The apps are - Auxiliary Message, Element Scanner, Fast Magic SMS, Travel Wallpapers, Free CamScanner, Go Messages, Great SMS, and Super Message. However, the malicious code is probably also being carried by 16 other apps

Why this matters

While the infected apps originally conducted fraud via SMS but started targeting WAP payments. These techniques abuse the connection of vendors with telephone operators to enable the payment of services associated with mobile bills. These ask for verification from the devices but not the users. Hence, the attackers could automate payments without any user interaction. 

About Joker?

  • Joker trojan belongs to the Bread malware family and primarily focuses on hacking mobile bills and authorizing operations without the user’s knowledge. 
  • It is capable of entering contact and SMSes on infected devices. However, this malware is particularly dangerous because of its ability to subscribe victims to paid services.  

In essence

Joker operators have shown that they are extremely active and innovative as they manage to evade Google Play Store’s defenses and upload payloads time and again. Nevertheless, the Play Store is not the only location that Joker resides in. The malicious apps are uploaded on third-party apps stores so as to avoid the scrutiny arising from their activities on the official app store. While these apps are eradicated promptly by Google, they can linger on for longer periods of time in third-party stores. Therefore, users are recommended to download apps only from the official store and not from suspicious or unknown third-party apps.

Cyware Publisher