Joker Malware: Keeps Amusing with New Tricks and Tactics

The malware operators always keep finding new ways to target and spy on victims. Joker, one of the most prominent malware families active right now, has been targeting Android users for quite some time. Recently, the malware was observed using Github to hide its payload.

What happened?

A new variant of the Joker malware has been discovered on Google Play, which uses Github pages and repositories to evade detection. This particular version was observed to be targeting mobile operator users in Thailand.
  • The app laden with Joker promised wallpapers in HD or 4K quality. This app was downloaded over a thousand times.
  • The app injects malicious code into a new location, instead of application class or launcher activity.
  • The victims may be unaware of any compromise initially because the malware has a functioning app. 
  • After infection, the malware subscribes users to a WAP service without their consent.

Past incidents

  • The Joker malware is very active and keeps coming with new variations and various infection vectors to target Android users.
  • Recently, several Android apps hosted in the Google Play Store were found to be infected with Joker.
  • In September, Google had carried out various cleanup operations and removed six malicious apps.
  • Furthermore, 24 malicious applications and later 17 more applications were removed by Google from the Play Store, mid-September.

Conclusion

To counter attackers' new approach, experts suggest having an updated anti-malware application on a smartphone, paying closer attention to what the apps are actually doing, and always using official sources to download apps.