What is Joker malware on Android smartphone and how does it infect apps? All you want to know
The Joker seems to be back on Google, attacking Android smartphone users.
- Joker has been a type of malware for Android that has several time invaded Google’s official application market.
- This is a result of small changes to its code, which enables it to get past the Play store’s security and vetting barriers.
- Joker adopted an old technique from the conventional PC threat landscape to avoid detection by Google.
Trending Photos
New Delhi: Google had long been fighting with the Joker malware, which finds some way or the other to get into Android smartphones.
The Joker seems to be back on Google, attacking Android smartphone users. Highlighted by Check Point, their researchers recently discovered a new variant of the Joker Dropper and Premium Dialer spyware in Google Play.
“Hiding in seemingly legitimate applications, we found that this updated version of Joker was able to download additional malware to the device, which subscribes the user to premium services without their knowledge or consent,” the research said.
What is the Joker Malware?
The research said that Joker has been a type of malware for Android that has several time invaded Google’s official application market. This is a result of “small changes to its code, which enables it to get past the Play store’s security and vetting barriers”, it said.
“This time, however, the malicious actor behind Joker adopted an old technique from the conventional PC threat landscape and used it in the mobile app world to avoid detection by Google. To realize the ability of subscribing app users to premium services without their knowledge or consent, the Joker utilized two main components – the Notification Listener service that is part of the original application, and a dynamic dex file loaded from the C&C server to perform the registration of the user to the services,” the research said.
Check Point further found that in an attempt to "minimize Joker’s fingerprint, the actor behind it hid the dynamically loaded dex file from sight while still ensuring it is able to load – a technique which is well-known to developers of malware for Windows PCs. This new variant now hides the malicious dex file inside the application as Base64 encoded strings, ready to be decoded and loaded".
Check Point highlights the following 11 IOC’s
com.imagecompress.android
com.contact.withme.texts
com.hmvoice.friendsms
com.relax.relaxation.androidsms
com.cheery.message.sendsms
com.cheery.message.sendsms
com.peason.lovinglovemessage
com.file.recovefiles
com.LPlocker.lockapps
com.remindme.alram
com.training.memorygame
It may be recalled that the search engine giant Google was recently learned to have struck down 25 apps for phishing on the Facebook login credentials of users.
Stay informed on all the latest news, real-time breaking news updates, and follow all the important headlines in india news and world News on Zee News.
Live Tv