On Tuesday (20 July), cybersecurity researchers from Zscaler’s ThreatLabz discovered malicious Android apps harboring the Joker malware in the Google Play Store.
According to ZDNet, the cybersecurity researchers said that a total of 11 apps on the Google Play Store were found to be infected with the Joker malware. In addition, the apps managed to notch up to 30,000 installs.
It was also reported that the Joker malware family is a well-known variant that focuses on compromising Android devices. Joker is designed to spy on its victims, steal information, harvest contact lists and monitor SMS messaging.
Once a malicious app containing the Joker malware is installed on a device, it may be used to conduct financial fraud, such as by covertly sending text messages to premium numbers or by signing victims up to wireless application protocol (WAP) services, earning the operators a slice of the proceeds.
In addition, the Joker malware also abuses the Android alert systems by asking for permission to read all notifications. If the user grants the permission, the malware will hide notifications relating to fraudulent service sign-ups.
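The behaviours described above (SMS access, contact harvesting and a notification-reading service) all have to be declared in an app's manifest, so they can be triaged before install. The following is an added example, not code from ThreatLabz or the original article: it assumes the manifest has already been decoded to text XML (for instance with apktool), uses the standard Android permission names rather than indicators from the report, and runs on two constructed sample manifests.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Standard Android permissions matching the behaviours the article describes.
SMS_PERMS = {"android.permission.SEND_SMS", "android.permission.READ_SMS",
             "android.permission.RECEIVE_SMS"}
CONTACTS_PERM = "android.permission.READ_CONTACTS"
LISTENER_PERM = "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"

def audit_manifest(manifest_xml):
    """Return triage findings for one decoded AndroidManifest.xml string."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # A notification listener is a <service> guarded by LISTENER_PERM.
    listens = any(s.get(ANDROID_NS + "permission") == LISTENER_PERM
                  for s in root.iter("service"))
    findings = []
    if requested & SMS_PERMS:
        findings.append("sms-access")
    if CONTACTS_PERM in requested:
        findings.append("contact-access")
    if listens:
        findings.append("notification-listener")
    # SMS access plus the ability to read (and dismiss) notifications is the
    # combination that lets a sign-up happen without the user seeing it.
    if listens and requested & SMS_PERMS:
        findings.append("REVIEW: sms + notification-listener")
    return findings

# Constructed sample manifests (not taken from any real app).
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.translator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <service android:name=".Notify"
        android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for label, xml_text in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, audit_manifest(xml_text))
```

Legitimate apps also request these permissions, so a finding is a prompt for review of whether the app's stated purpose needs them, not a verdict.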
The apps discovered to contain the Joker malware include “Translate Free,” “PDF Converter Scanner,” “Free Affluent Message,” and “delux Keyboard.”
According to the report, Joker malware operators are constantly changing their methods to bypass security mechanisms and Google Play vetting processes.
“Despite public awareness of this particular malware, it keeps finding its way into Google’s official application market by employing changes in its code, execution methods, or payload-retrieving techniques,” the researchers say.
“Unlike the previous campaign where the payloads were retrieved from the Alibaba Cloud, in this campaign we saw the Joker-infected apps download the mediator payload with URL shortener services like TinyURL, bit.ly, Rebrand.ly, zws.im or 27url.cn to hide the known cloud service URLs serving stage payloads,” ThreatLabz says.
Nonetheless, it is really worrying that the malware repeatedly manages to get back onto the Play Store, despite Google’s protection. Google uses its internal Bouncer checks for apps submitted to the Play Store, along with on-device scanning using Google Play Protect, but the infected apps keep coming back.
As advice for the public, users must make sure they only install well-known apps from the Google Play Store in order to keep their data safe while using their Android smartphone and to prevent unauthorised charges.
In addition, users are required to do their own research on the app they want to download before actually downloading it.
Lastly, users can download security tools like Malwarebytes or Sophos Mobile to quickly scan and remove unwanted malware from their device.