The Joker malware is persistent. Despite public awareness of this malicious code, it has made its way into Google's Play Store yet again. Here are the 11 apps to avoid downloading from the Google Play Store so that you do not become a victim of this fraud malware.
What Is the Joker Malware?
The Joker malware family is a well-known variant of malicious software that focuses on compromising Android devices, ZDNet explained. Joker is designed to spy on its victims, steal information, harvest contact lists, and monitor SMS messaging.
Devices that have apps containing Joker installed can be used to conduct financial fraud. This could be anything from sending text messages to premium numbers to signing up victims for wireless application protocol (WAP) services that give operators a cut of the profit.
The Joker malware is back, experts spotted multiple malicious apps on the official Google Play store that were able to evade scanners. #Hacking #JokerMalware #Malware #Vulnerability #CyberCrime #Cyberattack #CyberSecurity
— Richard S. (@Richard_S81) July 17, 2021
Joker also abuses Android alert systems. If the user grants Joker permission to read all notifications, the malware can hide notifications relating to fraudulent service sign-ups, leaving the victim unaware of the harmful actions taking place right under their nose.
The Joker operators constantly switch up their methods to bypass security mechanisms and Google Play vetting processes, researchers said.
Apps Infected with Joker Malware to Avoid Downloading in Google Play Store
Zscaler's ThreatLabz research team has been closely monitoring the Joker malware and noticed regular uploads of it onto the Google Play Store. Google takes malware reports seriously and removes suspicious apps from their store. The infected apps include:
Free Affluent Message
PDF Photo Scanner
Comply QR Scanner
PDF Converter Scanner
Font Style Keyboard
These 11 different apps were regularly uploaded to Google Play and recently amassed over 30,000 installs.
ALERT! A "Joker" malware app posing as a QR scanner has been identified with ability to steal SMS data and capabilities of both Spyware and Trojan.
TAKEAWAY: Verify the privileges and permissions requested by apps before granting them access. #BeCyerSmart #OwnYourSecurity
— Directorate For ICT Support - Makerere University (@DICTSMakerere) July 14, 2021
The malware authors targeted some app categories more than others, Zscaler noted. The most heavily targeted categories include health and fitness, photography, tools, personalization, and communication.
Joker authors also publish their malicious apps under full developer names. Names such as Tony Normal, Roela Vautrin, Pamela Thomason, and Wiliam M Miller each have one app registered to them. Checking an app developer's name and cross-referencing it against the list of Joker publisher names can help identify potential Joker malware.
To bypass the vetting process, Joker used URL shortener services to retrieve the first-stage payload. Two further payload stages follow to gain total control of the infected Android device.
Be on the lookout for the Large EMoji Sender, My City Wallpapers, Love Nature Wallpapers, and Open World Wallpapers apps as well, as these could be Joker-related apps used to assess the infected devices.
The Joker malware authors are very active, Zscaler warned. They innovate their tactics to constantly bypass Google's vetting process for its Play Store. Given the number of payloads uploaded to Google Play, the malicious actors are succeeding in their efforts.
This does not mean Android users should turn to third-party app stores to download applications. Zscaler still recommends using the Google Play Store for downloading mobile apps, as it is still relatively safer than third-party stores with little to no vetting process at all.
Be mindful of the apps you are downloading and the access you are permitting to these apps.
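One way to review the access described above (notification reading combined with SMS) on your own device, as an added example that is not from Zscaler or the original article. It assumes you have saved the output of `adb shell settings get secure enabled_notification_listeners` and `adb shell dumpsys package <pkg>`; the sample data and package names below are constructed.

```python
import re

# SMS permissions relevant to the behaviour described in the article.
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.SEND_SMS",
             "android.permission.RECEIVE_SMS"}

def notification_listeners(setting_value):
    # The setting is a colon-separated list of "package/class" components;
    # "null" or an empty string means no app has notification access.
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def granted_permissions(dumpsys_text):
    """Extract permissions marked granted=true from `dumpsys package <pkg>` output."""
    pattern = re.compile(r"^\s*([\w.]+):\s*granted=true", re.MULTILINE)
    return set(pattern.findall(dumpsys_text))

def risky_apps(setting_value, dumpsys_by_pkg, trusted=()):
    """Return {package: sorted SMS permissions} for apps that can both read
    notifications and use SMS, skipping packages the reviewer already trusts."""
    findings = {}
    for pkg in sorted(notification_listeners(setting_value) - set(trusted)):
        sms = granted_permissions(dumpsys_by_pkg.get(pkg, "")) & SMS_PERMS
        if sms:
            findings[pkg] = sorted(sms)
    return findings

# Constructed sample data (package names are made up for illustration).
SAMPLE_SETTING = ("com.example.qrscan/com.example.qrscan.NotifService:"
                  "com.example.music/com.example.music.MediaListener")
SAMPLE_DUMPSYS = {
    "com.example.qrscan": """
    runtime permissions:
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.SEND_SMS: granted=true
      android.permission.READ_CONTACTS: granted=false
    """,
    "com.example.music": """
    runtime permissions:
      android.permission.READ_EXTERNAL_STORAGE: granted=true
    """,
}

if __name__ == "__main__":
    for pkg, perms in risky_apps(SAMPLE_SETTING, SAMPLE_DUMPSYS).items():
        print(f"{pkg}: notification access + {', '.join(perms)}")
```

A hit is a prompt to review the app, not proof of infection: legitimate messaging apps also hold both kinds of access.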