The Joker malware is “fleeceware” that infects popular apps and reaches the user's phone when those apps are downloaded. It subscribes users to paid online services without their permission, and it can also click on online ads automatically.
It steals money from users by subscribing them to paid subscriptions without their consent. It first simulates interaction with ads without the user's knowledge and then steals the victim’s SMS messages, including OTPs, to authenticate payments.
The user may not know that they have been signed up for a paid subscription service, or that money has been deducted from their account, unless they receive a message or notification such as an account statement.
According to Check Point, “Joker keeps finding its way into Google’s official application market as a result of small changes to its code, which enables it to get past the Play store’s security and vetting barriers.”
There are now two new variants of the Joker malware:
a. Dropper.
b. Premium Dialer.
The report stated that this time the malicious actor behind Joker “adopted an old technique from the conventional PC threat landscape and used it in the mobile app world to avoid detection by Google.”
The Joker malware uses two components:
a. A Notification Listener service that is part of the original application.
b. A dynamic DEX file loaded from the C&C (command and control) server to perform the registration of the user to the services. A DEX (Dalvik Executable) file is an executable file format that contains compiled code written for Android.
In an attempt to minimise Joker’s fingerprint, the person behind it hid the dynamically loaded DEX file from plain sight while still ensuring it is able to load, a well-known technique commonly used by malware for Windows PCs. This new variant now hides the malicious DEX file inside the application as Base64-encoded strings, ready to be decoded and loaded.
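As an added detection example (not code from this post or from Check Point), the sketch below scans raw bytes, such as the string resources of an unpacked app, for Base64 runs that decode to a DEX header. The function names and the sample input are constructed for illustration; the header offsets follow the published DEX format.

```python
import base64
import re
import struct

# Base64 of b"dex\n" followed by any version digit always starts with "ZGV4Cj".
B64_DEX = re.compile(rb"ZGV4Cj[A-Za-z0-9+/]+")
DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")   # e.g. b"dex\n035\x00"
HEADER_SIZE = 0x70


def parse_dex_header(blob):
    """Return header fields if blob starts with a plausible DEX header, else None."""
    if len(blob) < HEADER_SIZE or not DEX_MAGIC.match(blob):
        return None
    file_size, header_size, endian_tag = struct.unpack_from("<III", blob, 32)
    if header_size != HEADER_SIZE or endian_tag != 0x12345678:
        return None
    return {"version": blob[4:7].decode(), "declared_size": file_size,
            "decoded_size": len(blob), "truncated": file_size > len(blob)}


def find_embedded_dex(data):
    """Scan raw bytes (string resources, constants) for Base64-wrapped DEX files."""
    hits = []
    for m in B64_DEX.finditer(data):
        run = m.group()
        if len(run) % 4 == 1:            # not a valid Base64 length; drop stray char
            run = run[:-1]
        run += b"=" * (-len(run) % 4)    # restore padding the regex did not capture
        header = parse_dex_header(base64.b64decode(run))
        if header:
            hits.append({"offset": m.start(), **header})
    return hits


def constructed_sample():
    """Constructed input: a header-only fake DEX plus a decoy, Base64 in resources."""
    dex = b"dex\n035\x00" + bytes(24) + struct.pack("<III", HEADER_SIZE, HEADER_SIZE, 0x12345678)
    dex = dex.ljust(HEADER_SIZE, b"\x00")
    decoy = base64.b64encode(b"dex\n035\x00short")   # magic only, no valid header
    return (b'<string name="a">' + base64.b64encode(dex) + b"</string>"
            b'<string name="b">' + decoy + b"</string>")


if __name__ == "__main__":
    for hit in find_embedded_dex(constructed_sample()):
        print(hit)
```

A `truncated` hit means the declared DEX size exceeds the decoded bytes, which is what a payload split across several strings looks like when only the first piece is found.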
Apps affected by or carrying Joker in the 2022 attack
- Universal PDF Scanner
- Private Message
- Premium SMS
- Smart Messages
- Text Emoji SMS
- Blood Pressure Checker
- Funny Keyboard
- Memory Silent Camera
- Custom-Themed Keyboard
- Light Messages
- Themes Photo Keyboard
- Send SMS
- Themes Chat Messenger
- Instant Messenger
- Cool Keyboard
- Font Emoji Keyboard
- Mini PDF Scanner
- Smart SMS Messages
- Creative Emoji Keyboard
- Fancy SMS
- Fonts Emoji Keyboard
- Personal Message
- Funny Emoji Message
- Magic Photo Editor
- Professional Messages
- All Photo Translators
- Chat SMS
- Smile Emoji
- Wow Translator
- All Language Translator
- Cool Messages
- Blood Pressure Diary
- Chat Text SMS
- Hi Text SMS
- Emoji Theme Keyboard
- iMessager
- Text SMS
- Camera Translator
- Come Messages
- Painting Photo Editor
- Rich Theme Message
- Quick Talk Message
- Advanced SMS
- Professional Messenger
- Classic Game Messenger
- Style Message
- Private Game Messages
- Timestamp Camera
- Social Message
- Simple Note Scanner
Apps affected by or carrying Joker in 2021
- Easy PDF Scanner
- Now QRCode Scan
- Super-Click VPN
- Volume Booster Louder Sound Equalizer
- Battery Charging Animation Bubble Effects
- Smart TV Remote
- Volume Boosting Hearing Aid
- Flashlight Flash Alert on Call
- Halloween Coloring
- Classic Emoji Keyboard
- Super Hero-Effect
- Dazzling Keyboard
- EmojiOne Keyboard
- Battery Charging Animation Wallpaper
- Blender Photo Editor-Easy Photo Background Editor
Apps affected by or carrying Joker in 2020
- com.imagecompress.android
- com.contact.withme.texts
- com.hmvoice.friendsms
- com.relax.relaxation.androidsms
- com.cheery.message.sendsms
- com.peason.lovinglovemessage
- com.file.recovefiles
- com.LPlocker.lockapps
- com.remindme.alram
- com.training.memorygame