Google has banned 11 apps from its Play Store for injecting malware into users’ phones. A new variant of popular malware Joker had been discovered by researchers at Checkpoint which is a cybersecurity firm. The malware subscribing to premium services on the behalf of users, without their knowledge.
Checkpoint researchers discovered a new variant of Joker Dropper and Premium Dialer spyware in the Google Play Store. Researchers found that the updated version of Joker was able to download additional malware to the device.
According to the research, these apps were subscribing to premium services on behalf of users, without their knowledge. This means you could lose your money on a subscription without actually subscribing to any service. To pass Google Play’s protection, hackers used an old way of getting inside of an app.
Here is the list of apps (package names) infected with the jocker virus:
- com.cheery.message.sendsms (two different instances)
How Joker Malware Works?
Joker malware mainly utilized two components of a device, the Notification service that is part of the original application and a dynamic dex file. The dynamic dex file loaded from the C&C server to perform the registration of the user to any service.
To minimize the malware code, the developers hid the code by dynamically loading it onto a dex file, while ensuring that it is able to completely load when triggered. The code is inside of the dex file and is encoded as Base64 encoded strings. It darts decoding and load as soon as users open an infected app.
If You Were Using an Infected App, Then What You Need to Do?
If you were using one of these apps, infested by the Joker malware then you should remove the app from your phone as soon as you can. Further, check your mobile and credit card bills for any irregularities. If you find anything suspicious transactions, talk to your bank to raise the chargeback. Moreover, always use apps from trusted developers and always download the app from Google Play Store.
To let you know, Joker is one of the most frequently encountered malware for Android. It has made its way to apps on Google Play Store in the past. Google in January, removed over 1,700 apps that contained the malware Bread, also known as Joker. Indian Government also banned 59 Chinese apps in India over data privacy and security.