In the past few months, spyware and malware attacks have increased drastically. And once again, Joker is back to corrupt your Android smartphone. It appears that this malware has one more time cropped up on Google. The researchers found a brand new variant of Premium Dialer spyware and adware, and Joker Dropper in Google Play Store.
A researcher said, ‘The latest version of Joker malware is capable of hiding in legitimate applications that download additional malware files to the Android device. After that, it subscribes users to premium services without letting them know.‘
Joker is a specially designed malware for Android that has invaded Google Play Store multiple times. Only a small change in its code is capable of letting it get past through the Play Store’s vetting barriers and security. And this time, the malicious brain behind Joker utilized an old technique of a conventional PC threat landscape. It enabled malware to avoid getting detected by Google and terrorize the mobile app world. For letting users subscriber to premium services without their consent, Joker used two components-
- A Dynamic Dex File loaded from the C&C server for performing user registration for the services.
- A Notification Listener Service, which is a part of the original application.
Aviran Hazum, Manager of Mobile Research for Check Point said, ‘Joker is dynamic. It can change and adapt to the new security protocols on which, Google invests a large sum of money to update its Play Store protection protocols. Numerous cases of Joker malware getting uploaded every week on Google Play were detected. All those cases revolved around unsuspecting users.“
11 IOC’s in Check Point’s list
Check Point in its list, highlighted the following 11 IOC’s-
A French Cyber-Security Agency disclosed that the brand new malware that steals Facebook logins and can destroy your online and offline life. Evina (working in French cyber-security firm) in her blog post wrote, ‘New methods of committing frauds are regularly detected by our cybersecurity experts. We recently discovered a new malware that’s stealing Facebook logins. It can use the credentials of your post to ruin your offline and online life, and it is embedded in various popular apps.‘
Google has already stuck down 25 apps that were phishing on the Facebook login credentials of users. The 11 infected apps have also been taken down from the Play Store. However, it doesn’t mean that Joker Dropper will not return. It’s a tricky malware capable of adapting to the situation. Google needs to work on new algorithms to understand and detect Joker and how it could hurt everyday people.