DEV Community

Adithya Krishna

Joker Malware Returns - An Antagonist in Your Android Devices

The Joker malware is “fleeceware” that infects popular apps and enters the user's phone when those apps are downloaded. It subscribes users to paid online services without their permission. It can also click on online ads automatically.

For example, it steals money from users by subscribing them to paid subscriptions without their consent. It first simulates interaction with ads without the user's knowledge and then steals the victim's SMS messages, including OTPs, to authenticate payments.

The user may not know that they have been signed up for a paid subscription service, or that money has been deducted from their account, unless they receive a message or notification such as an account statement.

According to Check Point, “Joker keeps finding its way into Google’s official application market as a result of small changes to its code, which enables it to get past the Play store’s security and vetting barriers.”

There are now two new variants of the Joker malware:

a. Dropper.
b. Premium Dialer.

The report stated that this time the malicious actor behind Joker “adopted an old technique from the conventional PC threat landscape and used it in the mobile app world to avoid detection by Google.”

The Joker malware uses two components:

a. A Notification Listener service that is part of the original application.

b. A dynamic DEX file loaded from the C&C (command and control) server to register the user for the services. A DEX (Dalvik Executable) file is an executable file that contains compiled code written for Android.

To minimise Joker's fingerprint, the actor behind it hid the dynamically loaded DEX file from plain sight while still ensuring it is able to load, a common and well-known technique among malware for Windows PCs. This new variant hides the malicious DEX file inside the application as Base64-encoded strings, ready to be decoded and loaded.
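A defender-side check for the hiding technique described above, as an added example that is not from the original post or from Check Point's report: it inflates every entry of an APK and flags Base64 text that decodes to a DEX header. The function names and the sample archive are constructed for illustration.

```python
import base64
import io
import re
import zipfile

# DEX files start with "dex\n", a three-digit version and a NUL (e.g. dex\n035\0).
DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")
# Base64-alphabet runs of 64+ bytes: long enough to be unusual for ordinary strings.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}")


def find_encoded_dex(data: bytes) -> list[int]:
    """Return offsets in data where Base64 text decoding to a DEX header begins."""
    hits = []
    for m in B64_RUN.finditer(data):
        run = m.group()
        # A stray alphabet byte in front shifts the 4-char grouping: try all alignments.
        for shift in range(4):
            if DEX_MAGIC.match(base64.b64decode(run[shift:shift + 12])):
                hits.append(m.start() + shift)
                break
    return hits


def scan_apk(apk_bytes: bytes) -> dict[str, list[int]]:
    """Inflate every entry of an APK (a ZIP archive) and report encoded DEX hits."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            hits = find_encoded_dex(apk.read(name))
            if hits:
                report[name] = hits
    return report


def build_sample_apk() -> bytes:
    """Constructed test archive: a fake 112-byte 'DEX' hidden as Base64 in two entries."""
    payload = base64.b64encode(b"dex\n035\x00" + bytes(range(104)))
    benign = base64.b64encode(b"\x89PNG\r\n\x1a\n" + bytes(range(96)))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("assets/config.txt", b"key=" + payload)
        z.writestr("classes.dex", b"\x00\x98A" + payload)  # misaligned by one byte
        z.writestr("res/raw/logo.txt", benign)
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_apk(build_sample_apk()))
```

Treat a hit as a triage signal for manual review of the package rather than a verdict on its own.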

Apps that were affected by or carrying it in the 2022 attack

  1. Universal PDF Scanner
  2. Private Message
  3. Premium SMS
  4. Smart Messages
  5. Text Emoji SMS
  6. Blood Pressure Checker
  7. Funny Keyboard
  8. Memory Silent Camera
  9. Custom-Themed Keyboard
  10. Light Messages
  11. Themes Photo Keyboard
  12. Send SMS
  13. Themes Chat Messenger
  14. Instant Messenger
  15. Cool Keyboard
  16. Font Emoji Keyboard
  17. Mini PDF Scanner
  18. Smart SMS Messages
  19. Creative Emoji Keyboard
  20. Fancy SMS
  21. Fonts Emoji Keyboard
  22. Personal Message
  23. Funny Emoji Message
  24. Magic Photo Editor
  25. Professional Messages
  26. All Photo Translators
  27. Chat SMS
  28. Smile Emoji
  29. Wow Translator
  30. All Language Translator
  31. Cool Messages
  32. Blood Pressure Diary
  33. Chat Text SMS
  34. Hi Text SMS
  35. Emoji Theme Keyboard
  36. iMessager
  37. Text SMS
  38. Camera Translator
  39. Come Messages
  40. Painting Photo Editor
  41. Rich Theme Message
  42. Quick Talk Message
  43. Advanced SMS
  44. Professional Messenger
  45. Classic Game Messenger
  46. Style Message
  47. Private Game Messages
  48. Timestamp Camera
  49. Social Message
  50. Simple Note Scanner

Apps that were affected by or carrying it in 2021

  1. Easy PDF Scanner
  2. Now QRCode Scan
  3. Super-Click VPN
  4. Volume Booster Louder Sound Equalizer
  5. Battery Charging Animation Bubble Effects
  6. Smart TV Remote
  7. Volume Boosting Hearing Aid
  8. Flashlight Flash Alert on Call
  9. Halloween Coloring
  10. Classic Emoji Keyboard
  11. Super Hero-Effect
  12. Dazzling Keyboard
  13. EmojiOne Keyboard
  14. Battery Charging Animation Wallpaper
  15. Blender Photo Editor-Easy Photo Background Editor

Apps that were affected by or carrying it in 2020

  1. com.imagecompress.android
  2. com.contact.withme.texts
  3. com.hmvoice.friendsms
  4. com.relax.relaxation.androidsms
  5. com.cheery.message.sendsms
  6. com.cheery.message.sendsms
  7. com.peason.lovinglovemessage
  8. com.file.recovefiles
  9. com.LPlocker.lockapps
  10. com.remindme.alram
  11. com.training.memorygame
