Les virus parviennent à ne pas être détectés pendant l'étape de validation par Google. © Geralt, Pixabay

Joker virus is back on Android

The Joker malware has once again succeeded in thwarting the security of the Play Store. This time he hid in a fun and harmless SMS personalization app.

You will also be interested


[EN VIDÉO] Do our smartphones kill insects?
Insects are seriously threatened by pesticides, urbanization and intensive agriculture. But cell phone waves can harm them, too.

Impossible to get rid of it! The Joker virus that has been calling itself for nearly four years was discovered in the Google Play Store again last week. He is a specialist in cyber security radio who you know in a Request the name of the thing colorful message. This application that is designed to make exchanges short message With her set of emojis, it was deleted a few days before Play a store. The problem was that it had time to download more than 500,000 times. Radio, who made it his” corpse dissection “,” states that Viral burden Came to connect to the Russian servers.

With such an app, Joker had a perfect container. To use it, you had to give it permissions to access contacts and message content, as well as to manage short message. What facilitates data collection to feed campaigns phishing, for example. These are the same campaigns that allow us to retrieve IDs and why not get the double factor protection code received by short message exactly.

Terribly sober

Likewise, controlling a messaging app can allow a user to subscribe to paid services without their knowledge. via short message. yes the Malware The Joker keeps coming back to the Google Gallery, and it’s very hard to spot due to its small size. This summer, the Joker is already found in eight apps for Android. The lesser evil because it was previously present in hundreds of applications. Again, despite Google’s advances in Theme Its Play Store security, it is better not to think outside the box and choose trusted apps that are known.

READ  Back: Video analysis reveals the game is "pushing the PS5 GPU to the limit"

Android: Joker virus is back and affecting 17 popular apps

For three years, this virus has regularly infected apps on the Play Store. The principle remains the same: spy on your personal data and then sign up for paid services. Below is a list of 17 infected apps that you should uninstall urgently.

Article by Fabrice Auclert, published on 01/06/2021

It was thought to be gone, but the Joker virus still haunts the Google Play Store. Malware Valid since 2017, seen this summer, and here again it hits no less than 17 apps. Obviously, you should uninstall it while Google already deleted it from a file Play Store.

They are researchers from the ThreatLabz team, from the cloud security company Zscaler, Which identified the 17 infected apps, and as every time, the virus is hiding in a component of the seemingly common and harmless application. Then the Joker proceeds through several stages. First, as a TrojansIt is executed the first time the application is launched. So it loads in the background, and then takes the opportunity to start downloading a more malicious component.

Do not give access to your SMS or directory

From there, always in the background and without being detectable, the spy phase begins: short messagecontact lists, username, and The password It has been hacked…and the worst is yet to come because the malware is then capable of subscribing the user to paid services! So it is necessary to monitor closely ApplicationsWho have access to SMS and contact lists, especially not to give them access!

READ  New Games of the Week introduces a brand new PS5 game

Often times, the user answers “yes” to the other windows Without realizing that it provides special functions of the phone that hackers can exploit. Another tip: Look at the reviews posted on an app before downloading it, but also look at the number of filesstars. Infected apps are often detected by users.

Android: Watch out for this virus that subscribes to paid services

As of 2017, Joker malware has infected Android apps, and 11 of them have continued to trick users into subscribing to paid services. This new variable bypasses Google’s validation and security steps.

Posted on 10/07/2020 by Fabrice Auclert

The cat and mouse game between pirates and . continues google apps Since the company Check point I discovered new traces of Joker, a malware that was identified in 2017, and is believed to have been eradicated. his specialty? Hide in classic and popular applications to activate payment for “in-app” services, such as paid options. All without the user’s knowledge.

This Thursday, security experts from Check Point discovered its presence in eleven applications, amassing 500,000 downloads. Obviously, the most disturbing thing is that these eleven apps are available from Play Store. This Joker variant has found a new way to play Trojans to hide in apps, thus embedding itself in smart phone. the Malware It is hidden in the manifest file that every developer must integrate into their application, and it is placed in the root of the application folder. It contains information about the author, logo, version, etc.

Malware disappears during the validation phase

In this file the Joker puts malicious code there, but it is encoded in base 64, and therefore unrecognizable. While Google is scanning the file for l’application For validation, the code is inactive. Once validation is enabled and security checks are passed, the hacker server runs the command hidden in this code and Malware Thus it can be active.

READ  LeBron James knows where you want his NBA career to end

Google alert immediately Remove these apps from play storeHowever, it is clearly recommended to uninstall them. These are ImageCompress, WithMe Texts, FriendSMS, Relaxation Relaxation, Cherry Messages, LovingLove, RecoveFiles, RemindMe Alarm, and Training Memory Game. It is also advisable to take a look at your bank account and check that there are no fraudulent withdrawals.

Interested in what you just read?

Leave a Reply

Your email address will not be published. Required fields are marked *